httpd-modules-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From farid ridho <>
Subject Re: Writing apache module for filtering HTTP request on PHP website
Date Sun, 22 Dec 2013 04:25:52 GMT
thanks for your replay jerry.

actually, this is for my research purpose.
i am going to write a web application firewall (WAF) prototype with machine
learning approach.
modsecurity is well written WAF, but it have a complexity when we set rule
for detection. so i decide to make this research.

i have finished my classifier model for classifying attack, such as SQLi,
XSS etc. with machine laearning
but face problem when implementing it on apache module.

On Sun, Dec 22, 2013 at 11:02 AM, Jerry Stuckle <>wrote:

> On 12/21/2013 10:09 PM, farid ridho wrote:
>> I'm going to make simple web application firewall like modsecurity. I want
>> to write apache module in C for filtering a web attack like SQL injection.
>> I put my web on http://localhost/vulweb my question is, when iam
>> accessing
>> http://localhost/vulweb i want the apache module analysis the request
>> first, before continuing its to PHP website (if the request is not an
>> attack). Can anyone help me to explain how to make a module for this
>> purpose? and how to configure this module (sethandler, addhandler)??
>> PS: I have already know how to write helloworld apache module with C, and
>> run it through http://localhost/helloworld
> Why?
> You should be validating your information in PHP anyway, according to
> exactly what is expected (you can't expect a general purpose module to know
> that something which is valid on one page is invalid on another).
> And if you validate your incoming data properly, you solve a lot more
> potential problems than SQL injection.
> It just seems to me you're going about this the wrong way - or trying to
> take a short cut which doesn't really short cut anything - it just adds a
> additional layer of unneeded complexity.
> Jerry

Farid Ridho,
Twitter: @fariderr <>
YM    : faridridlo
Gtalk : faridridho

  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message