In the last month I have been getting nailed with various forms of “referral spam”:http://en.wikipedia.org/wiki/Referer_spam , and various annoying exploit attempts. Besides the sheer annoyance of it all, the way it screws up your logs and stats, I just didn’t want them to think their stuff was working. So I finally implemented some “mod_security”:http://www.modsecurity.org/ rules into my apache.
I extended the default “debian”:http://www.debian.org ruleset with a few that I found online, and things seem to be working well. I hope not too much of a performance hit on this little box (if so, please tell me). I’ve only had two issues with it so far:
# Default rules blocked my cookies. The default rules had a very basic regex for cookie data, didn’t’ work with my system
# Debug Log. The debugging by default is at 9, and that *very* quickly filled up a 2gb file, which then killed apache