This is what I’ve been looking for quite some time! A module specifically designed for Apache security.
This module increases the security level of an Apache web server, or of other servers when used with Apache in proxy mode. ModSecurity acts as an application firewall embedded in Apache. It protects web applications against common attacks (SQL injection, Cross Site Scripting, etc.).
I found this nice documentation, but like most docs, it’s missing some things. It’s not much but I’m adding it anyway.
```apache
# Security discovered with Nikto
TraceEnable "off"

# More Security
<IfModule mod_security.c>
    # Turn the filtering engine On or Off
    SecFilterEngine On

    # Server Signature
    SecServerSignature "Microsoft-IIS/5.0"

    # Make sure that URL encoding is valid
    SecFilterCheckURLEncoding On

    # Unicode encoding check
    SecFilterCheckUnicodeEncoding Off

    # Only allow bytes from this range
    SecFilterForceByteRange 0 255

    # Only log suspicious requests
    SecAuditEngine RelevantOnly

    # The name of the audit log file
    SecAuditLog /var/log/apache2/audit_log

    # Debug level set to a minimum
    SecFilterDebugLog /var/log/apache2/modsec_debug_log
    SecFilterDebugLevel 0

    # Should mod_security inspect POST payloads
    SecFilterScanPOST On

    # By default log and deny suspicious requests
    # with HTTP status 500
    SecFilterDefaultAction "deny,log,status:500"

    # Require HTTP_USER_AGENT and HTTP_HOST in all requests
    SecFilterSelective "HTTP_USER_AGENT|HTTP_HOST" "^$"

    # Weaker XSS protection but allows common HTML tags
    SecFilter "<[[:space:]]*script"

    # Prevent XSS attacks (HTML/Javascript injection)
    #SecFilter "<(.|\n)+>"

    # Very crude filters to prevent SQL injection attacks
    SecFilter "delete[[:space:]]+from"
    SecFilter "insert[[:space:]]+into"
    # Replace "elect" with "select" in the line below
    SecFilter "elect.+from"
    SecFilter "drop[[:space:]]table"

    # Protecting from XSS attacks through the PHP session cookie
    SecFilterSelective ARG_PHPSESSID "!^[0-9a-z]*$"
    SecFilterSelective COOKIE_PHPSESSID "!^[0-9a-z]*$"
</IfModule>
```
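An added example, not part of the original post: a small Python harness that runs constructed request values through the same filter patterns, so false positives show up before the rules start returning status 500 to real users. The translation of the patterns to Python's `re` syntax, the case-insensitive matching and the function names are assumptions made for this example.

```python
import re

# SecFilter patterns from the configuration, with POSIX [[:space:]] rewritten
# as \s for Python's re module. Case-insensitive matching is an assumption
# about how mod_security 1.x evaluates SecFilter patterns.
FLAGS = re.IGNORECASE | re.ASCII
FILTERS = {
    "xss-script": re.compile(r"<\s*script", FLAGS),
    "sql-delete": re.compile(r"delete\s+from", FLAGS),
    "sql-insert": re.compile(r"insert\s+into", FLAGS),
    "sql-select": re.compile(r"elect.+from", FLAGS),  # as written on the page
    "sql-drop": re.compile(r"drop\stable", FLAGS),
}
SESSION_ID_OK = re.compile(r"^[0-9a-z]*$", FLAGS)


def triggered(value):
    """Return the sorted names of the filters that would deny this value."""
    return sorted(name for name, rx in FILTERS.items() if rx.search(value))


def session_id_denied(value):
    """Mirror the PHPSESSID rules: deny when the allow-pattern does NOT match."""
    return SESSION_ID_OK.search(value) is None


def headers_denied(headers):
    """Mirror the HTTP_USER_AGENT|HTTP_HOST "^$" rule: deny if either is empty."""
    return any(headers.get(h, "") == "" for h in ("User-Agent", "Host"))


# Constructed sample values: ordinary user input that a site might receive.
SAMPLES = [
    "q=apache modules",
    "q=election results from 2004",
    "note=please delete from my wishlist",
    "title=how to insert into a spreadsheet",
    "comment=<b>bold</b> text",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        hits = triggered(sample)
        print(f"{'DENY ' if hits else 'allow'} {sample!r} {hits}")
    print("session 'Ab-3,x' denied:", session_id_denied("Ab-3,x"))
    print("no User-Agent denied:", headers_denied({"Host": "example.test"}))
```

PHP installations configured with `session.sid_bits_per_character = 6` issue session IDs that can contain `-` and `,`, which the two PHPSESSID rules would deny.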