Chapter 1. ModSecurity Introduction

This guide includes information and examples for the ModSecurity v2.9 module for use with Red Hat JBoss Core Services 2.4.37. The effectiveness of ModSecurity is based on user generated rules. As such, this guide will explain how to create and implement rules, but will not give you a set of rules to use.

ModSecurity is a web application firewall(WAF). Web application firewalls filter, monitor, and block HTTP traffic to a web application. As opposed to a regular firewall, a WAF uses filters to determine what and who interacts with your HTTPD server application. ModSecurity accomplishes this task by making use of user generated security rules. These rules allow for configurable, realtime monitoring of HTTP traffic in order to detect attacks instantly.