ModSecurity Handbook: The Complete Guide to the Popular Open Source Web Application Firewall Paperback – Mar 15 2010




Product Details

  • Paperback: 384 pages
  • Publisher: Feisty Duck Limited; 1 edition (March 15 2010)
  • Language: English
  • ISBN-10: 1907117024
  • ISBN-13: 978-1907117022
  • Product Dimensions: 19 x 2.2 x 23.5 cm
  • Shipping Weight: 821 g
  • Amazon Bestsellers Rank: #471,995 in Books

Product Description

About the Author

Ivan Ristic is a respected security expert and author, known especially for his contribution to the web application firewall field and the development of ModSecurity, the open source web application firewall. He is also the author of Apache Security, a comprehensive security guide for the Apache web server. A frequent speaker at computer security conferences, Ivan is an active participant in the application security community, a member of the Open Web Application Security Project, and an officer of the Web Application Security Consortium.

Customer Reviews

Most Helpful Customer Reviews on Amazon.com (beta)

Amazon.com: 10 reviews
2 of 2 people found the following review helpful
Complete and authoritative (June 22, 2010)
By Amazon Customer - Published on Amazon.com
Format: Paperback
I've finally finished reading Ivan Ristic's new book, mod_security handbook, published by Feisty Duck. Ivan is the brain behind mod_security. By the way, if you're not using mod_security on your Apache server, you should be. And this is the book to tell you how to use it.

Ivan sent me a few early releases of the book, and about a month ago I received the first print edition.

This book is what you've been waiting for if you use mod_security. (And, as I mentioned, if you're not using it, you should be.) The documentation for mod_security has long been frustrating. Even where it was complete and informative, you just didn't know where to start.

This book is where to start.

The first 2/3 of the book is written in tutorial fashion, walking you through tasks from installation to complex scripting. Chapter 6 gives a great description of writing rules, and Chapter 9 gives numerous practical examples which flesh out what goes before. I always learn best by example, so these examples and the accompanying explanations make the earlier academic learning more meaningful to me.

Chapter 8 is about persistent storage of data. I've long been interested in this area of mod_security, and have had many times when I needed it and didn't understand the docs on it. Ivan makes it much clearer than I've seen it presented before. I'll be looking back at this the next time the need arises to do this kind of thing.

The last third of the book is the reference manual. I'm a big fan of having the reference manual in printed format, although it does run the risk of being out of date quickly.

This book is constantly updated, so you can always obtain the latest version. However, it's unlikely that I'll be buying a new paper book each time there's a new release of mod_security. This book is also available in electronic format, and if you buy the ebook, you get updates to it as part of your purchase price. That's pretty cool.

On the whole, this book is a long-awaited resource, and is very well written, by the person who knows the topic best. Highly recommended. You should go get a copy right away.
1 of 1 people found the following review helpful
Comprehensive guide for securing web applications (September 22, 2010)
By Emre Sevinc - Published on Amazon.com
Format: Paperback Verified Purchase
I'm very new to ModSecurity and I found the guide to be very useful as a beginner. The book's pacing is very good, starting with basics, not assuming the reader to be an expert and slowly going to great depths and advanced levels. Previously I was just installing ModSecurity + the core rule set without much understanding; now I have the guide to explain to me why I did what I did. I wish that the Lua chapter was a little bit longer and included more examples, but I think there is no room for big complaints overall. I have marked lots of pages and I'm keeping the book at my desk for daily web application security testing and configuration tasks. Finally, the chapter about virtual patching was an eye-opener for me.
2 of 3 people found the following review helpful
Book Review: ModSecurity Handbook (June 10, 2010)
By Russ McRee - Published on Amazon.com
Format: Paperback
Published as the inaugural offering from Ristic's own Feisty Duck the ModSecurity Handbook is an important read for ModSecurity fans and new users alike. Need I remind you, Ristic developed ModSecurity, the web application firewall, in 2002 and remains involved in the project to this day.
This book is a living entity as it is continually updated digitally; your purchase includes 1 year of digital updates. Ristic also wants to know what you think and will incorporate updates and feedback if relevant.

While the ModSecurity Handbook covers v2.5 and beyond, Ristic's is "the only ModSecurity book on the market that provides comprehensive coverage of all features, including those features that are only available in the development repository."
ModSecurity Handbook offers detailed technical guidance and is rules-centric in its approach including configuration, writing, rules sets, and Lua. Your purchase even includes a digital-only ModSecurity Rule Writing Workshop.

Chapter 10 is dedicated to performance as proper tuning is essential to success with ModSecurity without web application performance degradation.
That said, the highlight of this excellent read for your reviewer was Chapter 8, covering Persistent Storage.
ModSecurity persistent storage is, for all intents and purposes, a free-form database that helps you:
* Track IP address and session activity, attack, and anomaly scores
* Track user behavior over a long period of time
* Monitor for session issues including hijacking, inactivity timeouts and absolute life span
* Detect denial of service and brute force attacks
* Implement periodic alerting

Following the applied persistence model, I found periodic alerting most interesting and useful. From pg. 126, "Periodic alerting is a technique useful in the cases when it is enough to see one alert about a particular situation, and when further events would only create clutter. You can implement periodic alerting to work once per IP address, session, URL, or even an entire application."
This is the ModSecurity equivalent of a Snort IDS rule header pass action useful when internal vulnerability scanners might cause an excess of alerts.
ModSecurity rules that perform passive vulnerability scanning might detect traces of vulnerabilities in output, and alert on them. Periodic alerting would thus only alert once when configured accordingly.
As an example, perhaps you are aware of minor issues that are important to be aware of, but do not require an alert on every web server hit.
Making use of the GLOBAL collection, ModSecurity Handbook's example would translate the scenario above by following a chained rule match and defining a variable, thus telling you if an alert has fired previously. The presence of the variable indicates that an alert shouldn't fire again for a rule-defined period of time. In concert with expiration and counter resets, it is ensured that a rule will warn you only once in your preferred period of time but still log as you see fit too.
Useful, right?

ModSecurity Handbook and Ristic's Apache Security are must-reads for web application security administrators and architects, but will not leave those who need step-by-step instructions at a loss.
Trust me when I say, all you need to harden your web presence with ModSecurity is at your fingertips with the ModSecurity Handbook.
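The periodic-alerting technique described in the review above, written out as an added example. This is not the book's own example and not code from the reviewer: the rule IDs, the variable name, the one-hour window, the data directory and the response pattern are all assumptions chosen for illustration. The chain alerts on the first sighting of the condition, records that it has alerted in the GLOBAL collection with an expiry, and stays quiet until the variable expires; a second, non-alerting rule keeps every occurrence in the audit log.

```apache
# Added example of periodic alerting with the GLOBAL collection (ModSecurity 2.x).
# Not from the book or the reviewer; names, IDs, window and pattern are assumptions.

# Output-side checks need response body inspection.
SecResponseBodyAccess On
SecResponseBodyMimeType text/html text/plain

# Persistent collections need a writable data directory (path is an assumption).
SecDataDir /var/cache/modsecurity

# Initialise the GLOBAL collection in every transaction so its variables
# persist across requests and across Apache child processes.
SecAction "id:1000,phase:1,nolog,pass,initcol:global=global"

# Passive scan of responses for a verbose database error (assumed pattern).
# The rule is chained: the alert in the first rule fires only if the second
# rule also matches, i.e. only when no alert for this condition has been
# raised within the last hour. The second rule sets the marker variable and
# lets it expire after 3600 seconds, which re-arms the alert.
SecRule RESPONSE_BODY "@rx (?i)you have an error in your sql syntax" \
    "id:1001,phase:4,pass,log,msg:'Verbose SQL error leaked in response (alerting at most once per hour)',chain"
    SecRule &GLOBAL:sql_error_alerted "@eq 0" \
        "setvar:global.sql_error_alerted=1,expirevar:global.sql_error_alerted=3600"

# Still record every occurrence in the audit log, without raising an alert,
# so the suppressed events are not lost.
SecRule RESPONSE_BODY "@rx (?i)you have an error in your sql syntax" \
    "id:1002,phase:4,pass,nolog,auditlog"
```

As written, the suppression is server-wide because the marker lives in the GLOBAL collection. To alert once per client instead, initialise the IP collection (`initcol:ip=%{REMOTE_ADDR}`) and put the marker in `ip.` rather than `global.`; the same chain then applies per source address. The chained rule must not carry its own `id`: only the first rule in a chain is numbered.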
2 of 3 people found the following review helpful
Now my first reference point (April 6, 2010)
By Colin Watson - Published on Amazon.com
Format: Paperback
This book is now my first reference point for any queries regarding ModSecurity configuration, optimization and rule writing. Over the years, there have been many tips and much useful information scattered through blogs and mailing lists, but it's good to have the best of those pulled together into a single reference document. It also benefits from being written by Ivan Ristic: as the original creator of ModSecurity, his deep inside knowledge shows through.

Following a brief introduction, the User Guide begins with chapters on installation, configuration and logging. These are then followed by an overview of the ModSecurity rule language, a tutorial on writing rules, rule configuration, using persistent storage and practical rule writing. Then there are important chapters on performance, writing content injection rules, using Lua, handling XML and extending the rule language. Even ModSecurity users with a lot of experience are going to find some new information. The Reference Manual details all the directives, variables, transformational functions, actions, operators and data formats.

Continual updates to the text are available to purchasers of the book. These are delivered online as digital PDF updates and announced via a dedicated Twitter account, so you don't need to worry about the book becoming obsolete. But the real hidden gem must be the ModSecurity Rule Writing Workshop available online to purchasers of the book. This companion volume delves into real-world rule writing and covers the types of issues that spring to mind once ModSecurity users begin to think about whitelisting and creating custom rules for their own web applications.
1 of 2 people found the following review helpful
Absolutely Required Reading Material (March 18, 2010)
By Joshua Zlatin - Published on Amazon.com
Format: Paperback
As the title says, this book is required reading material for anyone using ModSecurity. I found the book to be clearly written and simple to follow. From a high-level perspective, the book covers ModSecurity installation, configuration, logging, rule writing and optimization. For me, the rule writing was most important, and the book has six chapters dedicated to just that. It's by far the most comprehensive tutorial on the subject out there.

This book is great for both beginners and as a reference for experts. Short of flying to London and studying ModSecurity with its creator, this book is the next best thing. There are numerous examples of how to implement various solutions to common problems (e.g. session hijacking, securing session tokens, etc.) that can be copied and pasted directly from the examples shown. My only complaint about the book is that it does not cover the OWASP CRS. Having said that, the author has responded to every one of my questions regarding material in the book, often updating the online version of the book's contents to clarify issues I had questions about.

This book scores five easily based on the relevance and value of the information.