From the course: Ethical Hacking: Hacking Web Servers and Web Applications
Using the modsecurity WAF
- [Instructor] ModSecurity is an open source web application firewall which can be integrated with the Apache web server to provide protection against many forms of web attack. It works by inspecting incoming requests for suspicious content, and if a detection rule is triggered, blocking it. We'll not run through the installation of ModSecurity and its integration with Apache, but it's a fairly simple task to do. I've installed it in the Apache web service in Hydra, so let's go take a look at it in action. Let's browse to Hydra on HTTP 192.168.1.51, slash, and we'll go to our root homepage, index.html. Okay, we can see the standard Apache default webpage as we'd expect. Now let's add a parameter onto the URL. And we'll add ?code=1. This returns the same page ignoring the parameter. Now let's use what might be an attack parameter. And we'll use exec=/bin/bash. Now we're forbidden to access the site. Let's take a look…
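The behaviour in the demo (a harmless parameter such as `code=1` passes, while `exec=/bin/bash` is answered with 403 Forbidden) can be reproduced with one local ModSecurity 2.x rule. This is an added example, not the instructor's configuration or the rule set installed on Hydra; the rule id, message text and audit log path are assumptions.

```apache
# Added example (assumed values): minimal ModSecurity 2.x setup for Apache.
<IfModule security2_module>
    # On = inspect and enforce disruptive actions (deny).
    # DetectionOnly = rules still match and log, but nothing is blocked;
    # useful while tuning, but it provides no protection.
    SecRuleEngine On

    # Inspect POST bodies as well as query strings.
    SecRequestBodyAccess On

    # Record only transactions that triggered a rule (assumed log path).
    SecAuditEngine RelevantOnly
    SecAuditLog /var/log/apache2/modsec_audit.log

    # Deny any request whose parameter value contains a Unix shell path.
    # ARGS covers both query-string and body parameters, so
    # ?code=1 passes and ?exec=/bin/bash is rejected with HTTP 403.
    # The id is taken from the range reserved for local rules (assumed value).
    SecRule ARGS "@rx /bin/(?:ba|da|z|k|c)?sh\b" \
        "id:10001,\
        phase:2,\
        t:none,t:urlDecodeUni,\
        deny,\
        status:403,\
        log,\
        msg:'Unix shell path in request parameter',\
        logdata:'Matched %{MATCHED_VAR_NAME}=%{MATCHED_VAR}'"
</IfModule>
```

With `logdata` set, the Apache error log and the audit log show which parameter matched, which is the first thing to check when a legitimate request is blocked.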