Apache Firewall Using mod_rewrite

Apache Firewall
A firewall is a device or set of devices designed to allow or deny network transmissions based on a set of rules, and is often used to protect networks from unauthorized access while allowing legitimate communications to pass.

There are different kinds of firewalls, depending on where the communication is taking place:
Network layer and packet filters: Network layer firewalls, also called packet filters, operate at a relatively low level of the TCP/IP protocol stack, not allowing packets to pass through the firewall unless they match the established rule set. The firewall administrator may define the rules, or default rules may apply.
Network layer firewalls generally fall into 2 sub-categories, stateful and stateless.
1 Stateful firewalls maintain context about active sessions, and use that state information to speed up packet processing.
2 Stateless firewalls require less memory, and can be faster for simple filters that take less time to filter than to look up a session.
Application-layer:
Application-layer firewalls work on the application level of the TCP/IP stack (i.e., all browser traffic, or all telnet or ftp traffic), and may intercept all packets traveling to or from an application. They block other packets (usually dropping them without acknowledgment to the sender). In principle, application firewalls can prevent all unwanted outside traffic from reaching protected machines.
Proxies:
A proxy device, which may run either on dedicated hardware or as software on a general-purpose machine, can act as a firewall by responding to input packets (connection requests, for example) in the manner of an application, while blocking other packets.
Network address translation:
Firewalls often have network address translation (NAT) functionality, and the hosts protected behind a firewall commonly have addresses in the private address range. Firewalls often have this functionality to hide the true address of protected hosts.
It may not be possible to install a full application firewall package to stop attacks against vulnerable applications. Below is a simple technique for creating a basic application firewall using only mod_rewrite on Apache.
First create a config file with your firewall rules in the Apache config dir called app_firewall.conf:
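#begin app_firewall.conf
#stop track/trace requests
RewriteEngine on
RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK)
RewriteRule .* - [F]
#stop example xss vuln: match requests to /vuln.php whose query string contains var=
RewriteCond %{REQUEST_URI} /vuln.php
RewriteCond %{QUERY_STRING} var=
#assumed closing rule (the listing ends at the condition above): answer 403 Forbidden
RewriteRule .* - [F]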
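To check which requests these rules would deny before loading them into Apache, the following added example (not part of the original post) evaluates them against constructed sample requests. It is a simplified model of mod_rewrite: conditions are AND-ed onto the next RewriteRule and only the [F] flag is handled. It assumes the conditions test %{REQUEST_METHOD}, %{REQUEST_URI} and %{QUERY_STRING}, and that the second block ends in the same deny rule as the first.

```python
import re
from urllib.parse import urlsplit

# Rules from app_firewall.conf; variable names and the final RewriteRule are assumed.
RULES = """
RewriteEngine on
RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK)
RewriteRule .* - [F]
RewriteCond %{REQUEST_URI} /vuln.php
RewriteCond %{QUERY_STRING} var=
RewriteRule .* - [F]
"""

def parse_rules(text):
    """Return [(conds, pattern, flags)]; conds is a list of (variable, regex)."""
    rules, conds = [], []
    for line in text.splitlines():
        parts = line.split()
        if not parts or parts[0].startswith("#"):
            continue
        if parts[0] == "RewriteCond":
            var = re.fullmatch(r"%\{(\w+)\}", parts[1]).group(1)
            conds.append((var, re.compile(parts[2])))
        elif parts[0] == "RewriteRule":
            flags = parts[3].strip("[]").split(",") if len(parts) > 3 else []
            rules.append((conds, re.compile(parts[1]), flags))
            conds = []  # conditions apply only to the rule that follows them
    return rules

def is_forbidden(rules, method, url):
    """True if a rule carrying [F] matches (Apache would answer 403)."""
    u = urlsplit(url)
    # REQUEST_URI is the path only; the query string is a separate variable.
    env = {"REQUEST_METHOD": method, "REQUEST_URI": u.path, "QUERY_STRING": u.query}
    for conds, pattern, flags in rules:
        if pattern.search(u.path) and all(rx.search(env[v]) for v, rx in conds):
            if "F" in flags:
                return True
    return False

# Constructed sample requests (method, URL).
SAMPLES = [("TRACE", "/index.html"), ("GET", "/index.html"), ("GET", "/vuln.php?var=1"),
           ("GET", "/vuln.php?id=7"), ("GET", "/vuln.php?othervar=1")]

if __name__ == "__main__":
    rules = parse_rules(RULES)
    for method, url in SAMPLES:
        verdict = "403" if is_forbidden(rules, method, url) else "pass"
        print(f"{method:5} {url:24} {verdict}")
```

The last sample shows that the unanchored var= pattern also denies othervar=1; writing the condition as (^|&)var= limits the match to that parameter.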
