Sunday, September 16, 2007

Web Application Firewall

Many web developers and system administrators don't know what a Web Application Firewall is or how to use one.
A Web Application Firewall can protect the application and the server from standard web attacks and, depending on the configuration you provide, from very complex attacks as well.
Mod_Security is an open source Web Application Firewall that does the job very well (it has saved me more than once). It can be customised easily and provides impressive protection and reporting. One of its features is to monitor uploaded files and inspect them before they reach your application: you can hand the file to a PHP script, which receives the path of the uploaded file through the $argv array.
Inside that script you can use the Linux file command to inspect the file. It returns the real file type based on the content, not the name (if an *.exe file is uploaded under a *.gif name, the file command will catch it).
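As an added illustration of the upload-inspection idea described above (this is example code, not Mod_Security's own or the post author's), here is a PHP script of the kind Mod_Security can run against each uploaded file. It assumes the ModSecurity 2.x @inspectFile convention: the temporary path of the upload arrives as $argv[1], and the script prints one line whose first character is "1" to accept the file or "0" to reject it, with the rest of the line logged as the reason. The script name, the allow-list and the rule id are assumptions chosen for the example.

```php
#!/usr/bin/env php
<?php
// inspect-upload.php: hypothetical @inspectFile script (added example, not from the post).
// Mod_Security invokes it as: inspect-upload.php /path/to/tmp/upload
// and reads a single stdout line: "1 ..." = accept, "0 ..." = reject (reason follows).
//
// Assumed rule wiring in the Mod_Security 2.x config (id and path are examples):
//   SecRequestBodyAccess On
//   SecRule FILES_TMPNAMES "@inspectFile /usr/local/bin/inspect-upload.php" \
//       "id:1000,phase:2,t:none,deny,status:403,msg:'Upload rejected by content inspection'"

// MIME types this application is willing to accept, derived from content by `file`.
$allowed = ['image/gif', 'image/jpeg', 'image/png'];

// Ask the Linux `file` command for the MIME type of the content.
// The file name (and therefore the extension) plays no part in this decision.
function detectType(string $path): string
{
    $out = shell_exec('file --brief --mime-type ' . escapeshellarg($path));
    return trim((string) $out);
}

// Decide whether the upload may pass. Returns [accepted (bool), reason (string)].
function inspect(string $path, array $allowed): array
{
    if (!is_file($path)) {
        // A missing temp file is treated as a rejection, never as a silent accept.
        return [false, "file not found: $path"];
    }
    $mime = detectType($path);
    if ($mime === '') {
        return [false, 'could not determine content type'];
    }
    if (in_array($mime, $allowed, true)) {
        return [true, "OK ($mime)"];
    }
    // An *.exe renamed to *.gif shows up here as application/x-dosexec (or similar).
    return [false, "rejected, content is $mime"];
}

if ($argc < 2) {
    fwrite(STDERR, "usage: inspect-upload.php <path-to-uploaded-file>\n");
    exit(2);
}

[$ok, $reason] = inspect($argv[1], $allowed);
// Exactly one line on stdout, in the format Mod_Security expects.
echo ($ok ? '1 ' : '0 ') . 'inspect-upload: ' . $reason . "\n";
exit($ok ? 0 : 1);
```

The allow-list approach matters more than the exact types listed: an inspection script that only blocks known-bad types lets anything unexpected through, whereas one that accepts only the handful of types the application actually processes fails closed. Keep the script fast, because Mod_Security runs it synchronously for every uploaded file.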

Core Rules Content
1. HTTP protection - detecting violations of the HTTP protocol and a locally defined usage policy.
2. Common Web Attacks Protection - detecting common web application security attacks.
3. Automation detection - detecting bots, crawlers, scanners and other surface malicious activity.
4. Trojan Protection - detecting access to Trojan horses.
5. Errors Hiding - disguising error messages sent by the server.

Some of the issues addressed are:

* SQL Injection
* Cross-Site Scripting (XSS)
* OS Command execution
* Remote code inclusion
* LDAP Injection
* SSI Injection
* Information leak
* Buffer overflows
* File disclosure

For more information please visit: http://www.modsecurity.org/projects/rules/index.html

URLScan is the free answer for users of Microsoft servers. I can't say that it is impressive, but it can prevent many web attacks.

What I am trying to say is... if you have a web application then you must have a Web Application Firewall!!!