IDS 에서 탐지뿐만 아니라 차단까지 원할경우 Inline Mode를 통해서 IPS로 동작
Snort
-c : 환경설정파일경로
-i : 탐지할 인터페이스 이름
-Q : ips로 동작하는 옵션
alert, drop 등
Suricata
--af -packet : ips로 동작하는 옵션
iptables : 접근제어정책
WAF(Web Application Firewall - 웹방화벽)
mod_security
[root@localhost html]# httpd -M
AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using localhost.localdomain. Set the 'ServerName' directive globally to suppress this message Loaded Modules: core_module (static)
so_module (static)
http_module (static)
access_compat_module(shared)
actions_module (shared)
alias_module(shared)
...
cgid_module (shared)
http2_module (shared)
proxy_http2_module (shared)
[root@localhost html]# httpd -M | grep mod_security
AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using localhost.localdomain. Set the 'ServerName' directive globally to suppress this message
@https://owasp.org 접속하기 (mod_security)