The Q-ModSec® (ModSecurity®, “ModSec”) network appliance is a Web Application Firewall (WAF). The Q-ModSec provides real-time web application monitoring, logging, and access control to harden Apache and Nginx web servers against attacks, especially, but not exclusively, cross-site scripting attacks. Cross-site scripting is the most common, and most dangerous, form of attack used against web servers. Apache powers most of the Internet’s web servers. Nginx servers are also explicitly supported.
The Q-ModSec network appliance performs as a Web Application Firewall (WAF), doing real-time application security monitoring and real-time inspection of all HTTP traffic. This is combined with a persistent storage mechanism built into ModSec to track system elements over time. In turn, this makes it possible to correlate events over time in order to look for attack patterns.
ModSec allows selective blocking of elements so as to cut off potential attack paths. As part of its enhanced security, ModSec performs continuous passive security assessments. This is a form of real-time monitoring. Instead of focusing on the behavior of external actors (hackers), a role performed by Intrusion Detection Systems (IDS), the Q-ModSec focuses on the behavior of the web server itself. As a result of this internal focus, the Q-ModSec can detect abnormalities and security weaknesses before the web server is hacked.
To further harden web servers and web sites, the Q-ModSec can sharply narrow the list of allowed HTTP behaviors (for example, HTTP request methods, request headers, and content types), thereby creating a smaller attack surface and, in turn, heightening security. The Q-ModSec also provides restriction enforcement either directly or via interaction with other Apache web modules. Using ModSec, it is possible to eliminate cross-site request forgery vulnerabilities as part of web application hardening.
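An allow-list of this kind, written as ModSecurity rules (an added example, not taken from the Q-ModSec appliance or its documentation; the rule IDs, the permitted methods and content types, and the required header are assumptions chosen for illustration):

```apache
# Constructed example: allow-list rules in ModSecurity's SecRule language.
# Rule IDs (100001-100004) and the allowed values are illustrative assumptions.

# 1. Request methods: only GET, HEAD and POST are accepted.
#    An anchored regex is used so that partial names cannot match.
SecRule REQUEST_METHOD "!@rx ^(?:GET|HEAD|POST)$" \
    "id:100001,phase:1,t:none,deny,status:405,log,\
    msg:'HTTP method not on allow-list',\
    logdata:'%{REQUEST_METHOD}'"

# 2. Request headers: every request must carry a Host header.
#    The & prefix counts occurrences of the variable.
SecRule &REQUEST_HEADERS:Host "@eq 0" \
    "id:100002,phase:1,t:none,deny,status:400,log,\
    msg:'Request is missing the Host header'"

# 3. Content types: a POST must declare a Content-Type. Without this
#    rule, rule 100004 would never fire on a POST that omits the header,
#    because a rule with no variable to inspect does not match.
SecRule REQUEST_METHOD "@streq POST" \
    "id:100003,phase:1,t:none,deny,status:415,log,chain,\
    msg:'POST request without a Content-Type header'"
    SecRule &REQUEST_HEADERS:Content-Type "@eq 0" "t:none"

# 4. Content types: a POST body must be one of three accepted types.
#    The trailing group allows parameters such as "; charset=utf-8".
SecRule REQUEST_METHOD "@streq POST" \
    "id:100004,phase:1,t:none,deny,status:415,log,chain,\
    msg:'Request content type not on allow-list',\
    logdata:'%{REQUEST_HEADERS.Content-Type}'"
    SecRule REQUEST_HEADERS:Content-Type \
        "!@rx ^(?:application/x-www-form-urlencoded|multipart/form-data|application/json)(?:\s*;|$)" \
        "t:lowercase"
```

Running such rules with `SecRuleEngine DetectionOnly` first, and reviewing what they would have blocked, shows whether legitimate clients depend on a method or content type that the list omits.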
In addition to web server hardening, the Q-ModSec can be used as an XML Web service router. The Q-ModSec parses XML, and can apply XPath expressions while proxying server requests, thereby performing as an XML router.
The Q-ModSec also includes the WAF-FLE Security Console. The WAF-FLE web interface allows admins to store, view, and search events using a graphical dashboard web GUI. Events are gathered by sensors. There is no limit on the number of allowed sensors, allowing WAF-FLE to service very large numbers of web servers and/or web sites. The WAF-FLE web interface eliminates the need for any command line interface (CLI) skills.