Currently I'm looking into implementing mod_security on all our apache servers. The installation on CentOS 5.5 comes directly with the
"Core Rule Set" by the mod_security devs (curiously Debian and Ubuntu do not carry these)
They also offer the Enhanced Rule Set for mod_security in a commercial package
i'm new to web server security. i have a few question on modsecurity and web server.
first, let me brief what i try to do. I have apache server running a DVWA web application on ubuntu 12.04 64bit.
I installed modsecurity on that server to detect and generated alert on attacks.