What Is Mod AntiTamper (AT)
AntiTamper is an Apache 2.x module that could be used to prevent some sort of url and cookie tampering.
Specifically, AT could stop a lot of those malicious bots that take advantage from search engines. Moreover, attack techniques like HTTP Response Splitting and session hijacking/fixation will be mitigated.
Is important to notice that mod_anti_tamper is not an alternative to mod_security, which is more exaustive and useful for all web situations. AT could be a complement to mod_security.
Introduction
- What is HMAC
HMAC is a validation algorithm to check the integrity of informations coupled with a secret password (more here).
AT will automatically generate a password and will save it in a ’safe’ place (root owner with 600 mode).
How AT Works
AT is composed by two primary active components.
1. A filter for url links integrity check.
2. A filter for cookie integrity check.
Download mod_anti_tamper here:
Or read more here.
Technorati Tags: anti tamper, anti tamper apache, Apache, apache-security, hacking-apache, hacking-websites, hmac, mod_anti_tamper, session hacking, session hijacking
0 Responses to “mod_anti_tamper - Anti Tamper Module for Apache 2.x”