Using GeoIP information together with ModSecurity

Introduction In my tutorial’s webserver logfile configuration, there is a position reserved for the country code of an IP address. I have never explained how I get the information into the environment variable that is then used to fill said position. There are several other guides around, but I think it’s time to provide my […]

An A7 First Aid Kit

Let’s consider Dave Wichers and the OWASP Top 10 project resists all the pressure and the 2017 edition of OWASP Top 10 will include the new A7 “Insufficient Attack Protection”. Lately the discussion has turned more constructive so maybe that prospect is not all that unrealistic. But honestly, I can not tell if A7 will […]

Securing Drupal with ModSecurity and the Core Rule Set (CRS3)

The new Core Rule Set 3.0 (CRS3) release simplifies ModSecurity/Drupal integration tremendously. Here is a guide aimed at the Drupal community to learn how to work with ModSecurity. This guide and the rule file it is based on currently covers Drupal Core. Modules / Plugins are not yet supported. But count on the Drupal community […]