Posted On: Mar 06, 2018 09:41:57
"mod_security" is an Apache module which serves as a Web Application Firewall for the web server. It protects web applications against attacks such as XSS, SQL injection and file inclusion. It helps you protect against malicious traffic with real-time web application monitoring, logging, and access control.
mod_security can be very useful against DoS attacks. A DoS, or Denial of Service, attack is one in which the target server is bombarded with huge amounts of data. However, in the case of a DDoS (Distributed Denial of Service) attack, mod_security would not be very useful.
mod_security offers a "rate-limiting" feature, under which incoming traffic can be restricted when unfamiliar patterns are seen from a single IP address. This can be effective in the case of DoS attacks, where the attack originates from a single IP address. Connections from that IP address can be denied to stop the attack.
However, in the case of a DDoS, huge amounts of data are sent collectively to the target server from thousands or millions of source IPs. Hence, it is very difficult to identify the pattern from a single IP source.
It would require a hardware firewall with multiple layers of filtering to stop such an attack.
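The difference between the two cases, as an added example (not code from the original article or from mod_security): a per-IP sliding-window counter of the kind rate limiting relies on, replayed over constructed traffic. The function names, the threshold of 20 requests per 10 seconds, and the sample addresses are assumptions.

```python
from collections import defaultdict, deque

LIMIT, WINDOW = 20, 10.0   # assumed threshold: 20 requests per 10 seconds per IP

def per_ip_rate_limit(requests, limit=LIMIT, window=WINDOW):
    """Replay (timestamp, ip) pairs; return (blocked_ips, requests_served).

    An IP is blocked once it sends more than `limit` requests inside any
    `window`-second span; later requests from a blocked IP are dropped.
    """
    recent = defaultdict(deque)        # ip -> timestamps still inside the window
    blocked, served = set(), 0
    for ts, ip in sorted(requests):
        if ip in blocked:
            continue
        q = recent[ip]
        q.append(ts)
        while q and q[0] <= ts - window:
            q.popleft()                # forget requests older than the window
        if len(q) > limit:
            blocked.add(ip)            # pattern is visible on this one address
            continue
        served += 1
    return blocked, served

def single_source_flood():
    """Constructed DoS sample: one address, 2000 requests in 10 seconds."""
    return [(i * 0.005, "203.0.113.7") for i in range(2000)]

def distributed_flood():
    """Constructed DDoS sample: 2000 addresses, 5 requests each in 10 seconds."""
    return [(r * 2.0, f"198.18.{s // 256}.{s % 256}")
            for s in range(2000) for r in range(5)]

if __name__ == "__main__":
    for name, traffic in (("DoS", single_source_flood()),
                          ("DDoS", distributed_flood())):
        blocked, served = per_ip_rate_limit(traffic)
        print(f"{name}: {len(traffic)} sent, {len(blocked)} IPs blocked, "
              f"{served} reached the application")
```

In the distributed sample every source stays far below the per-IP threshold, so nothing is blocked even though five times as many requests arrive in total.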
Moreover, it is your responsibility to configure mod_security. You will have to employ a person to configure the rules as per your requirements. Also, the traffic will have to be constantly monitored by a team that has expertise in web-related protocols such as HTTP.
Also, mod_security is a web application firewall that will protect you against an attack on the application layer. However, a hardware firewall can protect you against TCP, UDP as well as HTTP attacks.
Working of a Hardware Firewall
A hardware firewall system provides you with complete DDoS protection. For instance, we at Psychz have a complex firewall system with multiple levels of filtering. Your network is monitored 24/7 by the team, and any suspicious traffic is immediately identified and dealt with. If the server is hosted in our data center, the traffic passes through our firewall before reaching your server. If you are located at a remote location, you can always announce your IP in our network and get DDoS protection.
The data goes through many scrubbing centers that identify the suspicious traffic patterns and act accordingly.
Hence, "mod_security" is successful in the case of DoS attacks, which involve a single source. But in the case of DDoS attacks, where the attack is coming from various sources at a rapid rate, external hardware-based DDoS protection is a must.