Release date: 15 July 2017
Language: English (454 pages)
ISBN: 978-1-907117-07-7
Formats: PDF, EPUB, Online; no DRM
NEW! The second edition of the definitive guide to ModSecurity, by Christian Folini and Ivan Ristić, the principal author of ModSecurity
- Step-by-step introduction to the installation and the rule language
- Detailed explanations of the internals and advanced techniques for seasoned users
- Available in various digital formats (PDF, EPUB); no DRM
- Also available online in our browser-based reading application
- Provides full coverage of ModSecurity 2.9
- In-depth examination of rules performance
- Includes a comprehensive reference that goes beyond the official online reference manual
If you have purchased this book already you can now download the final version from your Feisty Duck Library.
Foreword
Preface to the Second Edition
Preface
Part I: User Guide
1. Introduction
2. Installation
3. Configuration
4. Logging
5. Rule Language Overview
6. Rule Language Tutorial
7. Rule Configuration
8. Persistent Storage
9. Practical Rule Writing
10. Performance
11. Content Injection
12. Writing Rules in Lua
13. Handling XML
14. Extending Rule Language
Part II: Reference Manual
15. Directives
16. Variables
17. Transformation Functions
18. Operators
19. Actions
20. Data Formats Guide
Index
About the Authors
Dr. Christian Folini is a partner at netnea AG in Berne, Switzerland. He holds a PhD in medieval history and enjoys defending castles across Europe. Unfortunately, defending medieval castles is no big business anymore and Christian turned to defending web servers, which he finds equally challenging. With his background in humanities, Christian is able to bridge the gap between techies and non-techies. He brings more than ten years' experience in this role, specialising in Apache / ModSecurity configuration, DDoS defense and threat modeling.
Christian is a frequent committer to the OWASP ModSecurity Core Rule Set, vice president of Swiss Cyber Experts (a public-private partnership), program chair of the Swiss Cyberstorm conference and president of the Company of St. George, a well-known historical reenactment group.
Ivan Ristić is a security researcher, engineer, and author, known especially for his contributions to the web application firewall field and development of ModSecurity, an open source web application firewall, and for his SSL/TLS and PKI research, tools and guides published on the SSL Labs web site.
He is the author of three books, Apache Security, ModSecurity Handbook, and Bulletproof SSL and TLS, which he publishes via Feisty Duck, his own platform for continuous writing and publishing. Ivan is an active participant in the security community and you'll often find him speaking at security conferences such as Black Hat, RSA, OWASP AppSec, and others. His latest project, Hardenize, is a security posture analysis service that makes security fun again.
Preview
ModSecurity Handbook: Getting Started 2ed
A free short book that consists of the first 4 chapters of ModSecurity Handbook, Second Edition. It contains everything you need to know to install and configure ModSecurity.
Book Reviewer Kit
If you are looking to review ModSecurity Handbook, Second Edition, we have a book reviewer kit available for you.
Twitter
If you have any questions, please find us on Twitter. If your question is about the book content, contact @ChrFolini. For everything else, write to @feistyduck.
About ModSecurity
ModSecurity is a renowned and widely deployed open source web application firewall. It comes with a powerful rule language, which allows for detailed inspection of payloads and granular access control. Fifteen years in the making, ModSecurity has matured and the second edition of this book covers the complete set of features available with the latest release.
ModSecurity and mod_security are trademarks or registered trademarks of Trustwave Holdings, Inc.
