What Is Mod AntiTamper (AT)
AntiTamper is an Apache 2.x module that could be used to prevent some sort of url and cookie tampering.
Specifically, AT could stop a lot of those malicious bots that take advantage from search engines. Moreover, attack techniques like HTTP Response Splitting and session hijacking/fixation will be mitigated.
Is important to notice that mod_anti_tamper is not an alternative to mod_security, which is more exaustive and useful for all web situations. AT could be a complement to mod_security.
Introduction
- What is HMAC
HMAC is a validation algorithm to check the integrity of informations coupled with a secret password (more here).
AT will automatically generate a password and will save it in a ’safe’ place (root owner with 600 mode).
How AT Works
AT is composed by two primary active components.
1. A filter for url links integrity check.
2. A filter for cookie integrity check.
Download mod_anti_tamper here:
Or read more here.
Subscribe to Darknet RSS Feed Stored in: Countermeasures, Security Software, Web Hacking
Related Posts:
- gotroot modsecurity Rules for Apache - Anti-spam and Security
- WSGW - Web Security Gateway for Secure Apache
- BeEF - Browser Exploitation Framework
- Whos is tonyenkiducx? Who the hell are you?
- Medusa 1.4 - Parallel Password Cracker Released for Download
- Priamos Project - SQL Injector and Scanner
| 2,169 views |
Sorry that I didn’t comment on this one earlier. I’m kinda busy these days..
This is a very usefull feature. I will definately introduce this in my own webserver.
2005!! it’s obsolete!
All servers deserve this although Fran brings up a good point of it being kind of dated…