ModSecurity: Open Source Web Application Firewall

ModSecurity for Java - Help Page

ModSecurity is an open source intrusion detection and prevention engine for web applications. It can also be called an web application firewall. It operates embedded into the web server, acting as a powerful umbrella, shielding applications from attacks.

ModSecurity for Java is designed as a Java Filter which makes use of ModSecurity's native code using the JNI technology.


Installation

First you need to choose whether to download and compile ModSecurity from the project's version control web-site: github.com/SpiderLabs/ModSecurity or using pre-compiled binaries from modsecurity.org. We will not discuss how to compile the dependent native libraries needed since these steps are described in the README files from ModSecurity's repository. The native libraries (.so, .dll, etc.) needed for ModSecurity for Java are:

  1. zlib1
  2. libxml2
  3. pcre
  4. libapr-1
  5. libapriconv-1
  6. libaprutil-1
  7. ModSecurityJNI

These native libraries are loaded by the ModSecurityLoader.jar, which should be placed in your Java server library loader (for example, in Tomcat 7: $CATALINA_HOME/lib). You can build or modify the load directory of ModSecurityLoader from /mod_security/java/ModSecurityLoader/src/. The libraries have to be copied in a directory (for example, c:\work\mod_security\java\libs\), which should be accessible to ModSecurityLoader.jar.


Java Web Applications with ModSecurity Filter

ModSecurity for Java uses Java Filters in order to intercept Http requests and responses. ModsecurityTestApp is an example of Java EE Web application using the ModSecurity Filter. To use ModSecurity Filter in your Web application, copy the source files from mod_security/java/ModSecurityTestApp/src/ in your application and add the following entry for the filter tag in your web.xml file:


<filter>
        <filter-name>ModSecurityFilter</filter-name>
	    <filter-class>org.modsecurity.ModSecurityFilter</filter-class>
	    <init-param>
                <param-name>conf</param-name>
                <param-value>c:\inetpub\wwwroot\owasp-crs\modsecurity.conf</param-value> 
                <!-- Path to the main configuration file of ModSecurity. You can activate the core 
                     rules by including in modsecurity.conf file:
                        Include modsecurity_crs_10_setup.conf
                        Include activated_rules\*.conf
                -->
            </init-param>
    </filter>

    <filter-mapping>
	    <filter-name>ModSecurityFilter</filter-name>
	    <url-pattern>/*</url-pattern>
    </filter-mapping>
</filter>
                            
                            

The ModSecurity Filter makes use of the native libraries written in C/C++ using the JNI technology. As stated earlier, the native libraries are loaded by the ModSecurityLoader.jar which should be loaded by the server at start-up. If you are unable to configure the server to load the ModSecurity libraries at startup, you may load them in your web application although this is not recommended because this will raise UnsatisfiedLinkError if the ModSecurity Filter is used in multiple applications within the same server.