O'Reilly logo

ModSecurity 2.5 by Magnus Mischel

Stay ahead with the world's most comprehensive technology and business learning platform.

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, tutorials, and more.

Start Free Trial

No credit card required

Chapter 5. Virtual Patching

In this chapter we will look at a technique called virtual patching, which is a method to fix, or patch, a vulnerability in a web application by using the ability of ModSecurity (or in general, any web application firewall) to block malicious requests.

Virtual patching relies on ModSecurity's ability to intercept requests before they reach your web application, and consists of writing rules that will intercept specific malicious requests before they get handled by your web application and have any chance to do damage. This allows you to fix vulnerabilities without touching any web application code, and indeed without even requiring you to understand how the web application code works—all that is required is knowledge ...

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, interactive tutorials, and more.

Start Free Trial

No credit card required