ModSecurity Handbook Second Edition: The book that will tell you everything you need to know about the popular open source web application firewall (Feisty Duck)

Buy ebook £24
Plus VAT if you're in the EU

Get paperback from Amazon: .com .ca
.co.uk .de .fr .jp

Includes free ebook after registration.

Release date: 15 July 2017
Language: English (454 pages)
ISBN: 978-1-907117-07-7
Formats: PDF, EPUB, Kindle,
Online; no DRM

NEW! The second edition of the definitive guide to ModSecurity, by Christian Folini and Ivan Ristić, the principal author of ModSecurity

Step-by-step introduction to the installation and the rule language
Detailed explanations of the internals and advanced techniques for seasoned users
Available in various digital formats (PDF, EPUB, Mobi/Kindle); no DRM
Also available online in our browser-based reading application
Provides full coverage of ModSecurity 2.9
In depth examination of rules performance
Includes a comprehensive reference that goes beyond the official online reference manual

If you have purchased this book already you can now download the final version from your Feisty Duck Library.

Foreword
Preface to the Second Edition
Preface
        
Part I: User Guide                1. Introduction
                2. Installation
                3. Configuration
                4. Logging
                5. Rule Language Overview
                6. Rule Language Tutorial
                7. Rule Configuration
                8. Persistent Storage 
                9. Practical Rule Writing
                10. Performance
                11. Content Injection           
                12. Writing Rules in Lua
                13. Handling XML
                14. Extending Rule Language
        
Part II: Reference Manual                15. Directives
                16. Variables
                17. Transformation Functions
                18. Operators
                19. Actions
                20. Data Formats Guide
                
Index

About the Authors

Dr. Christian Folini is a partner at netnea AG in Berne, Switzerland. He holds a PhD in medieval history and enjoys defending castles across Europe. Unfortunately, defending medieval castles is no big business anymore and Christian turned to defending web servers which he thinks equally challenging. With his background in humanities, Christian is able to bridge the gap between techies and non-techies. He brings more than ten years' experience in this role, specialising in Apache / ModSecurity configuration, DDoS defense and threat modeling.

Christian is a frequent committer to the OWASP ModSecurity Core Rule Set, vice president of Swiss Cyber Experts (a public private partnership), program chair of the Swiss Cyberstorm conference and president of the Company of St. George, a well known historical reenactment group.

Ivan Ristić is a security researcher, engineer, and author, known especially for his contributions to the web application firewall field and development of ModSecurity, an open source web application firewall, and for his SSL/TLS and PKI research, tools and guides published on the SSL Labs web site.

He is the author of three books, Apache Security, ModSecurity Handbook, and Bulletproof SSL and TLS, which he publishes via Feisty Duck, his own platform for continuous writing and publishing. Ivan is an active participant in the security community and you'll often find him speaking at security conferences such as Black Hat, RSA, OWASP AppSec, and others. His latest project, Hardenize, is a security posture analysis service that makes security fun again.

Preview

ModSecurity Handbook:
Getting Started 2ed
A free short book that consists of the first 4 chapters of ModSecurity Handbook, Second Edition. It contains everything you need to know to install and configure ModSecurity.

Book Reviewer Kit

If you are looking to review ModSecurity Handbook, Second Edition, we have a book reviewer kit available for you.

Twitter

If you have any questions, please find us on Twitter. If your question is about the book content, contact @ChrFolini. For everything else, write to @feistyduck.

Resources

Book links

Christian’s Blog

About ModSecurity

ModSecurity is a renowned and widely deployed open source web application firewall. It comes with a powerful rule language, which allows for detailed inspection of payloads and granular access control. Fifteen years in the making, ModSecurity has matured and the second edition of this book covers the complete set of features available with the latest release.

ModSecurity and mod_security are trademarks or registered trademarks of Trustwave Holdings, Inc.