{"id":5610,"date":"2025-06-06T15:39:06","date_gmt":"2025-06-06T11:39:06","guid":{"rendered":"https:\/\/jsnet.biz\/?p=5610"},"modified":"2025-07-07T17:00:13","modified_gmt":"2025-07-07T13:00:13","slug":"mod-securty-n%c9%99dir","status":"publish","type":"post","link":"https:\/\/jsnet.biz\/az\/mod-securty-n%c9%99dir\/","title":{"rendered":"Mod Securty n\u0259dir?"},"content":{"rendered":"
\n\t\t\t\t
\n\t\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\t

ModSecurity<\/strong> \u2014 veb serverl\u0259r \u00fc\u00e7\u00fcn a\u00e7\u0131q m\u0259nb\u0259 kodlu Veb T\u0259tbiq Firewall (WAF)<\/strong> sistemidir. Onun \u0259sas funksiyalar\u0131 veb t\u0259tbiql\u0259ri z\u0259r\u0259rli trafikd\u0259n v\u0259 h\u00fccumlardan qorunur. Bu sistem Apache<\/strong>, Nginx<\/strong> v\u0259 IIS<\/strong> kimi m\u0259\u015fhur veb serverl\u0259rl\u0259 birlikd\u0259 oluna bilir.<\/p>

\ud83d\udd10 ModSecurity n\u0259 edir?<\/strong><\/h3>

ModSecurity real vaxtda HTTP trafiki analiz edir v\u0259 \u00fcmumi hallar\u0131 a\u015fkar edib bloklaya bilir:<\/p>

  • \u2757 SQL inyeksiyas\u0131<\/strong><\/p><\/li>

  • \u2757 Saytlararas\u0131 Skriptl\u0259m\u0259 (XSS)<\/strong><\/p><\/li>

  • \u2757 Yerli Fayl Daxil Edilm\u0259si (LFI)<\/strong><\/p><\/li>

  • \u2757 Uzaqdan Kod \u0130cras\u0131 (RCE)<\/strong><\/p><\/li>

  • \u2757 Brute Force H\u00fccumlar\u0131<\/strong><\/p><\/li>

  • \u2757 Bot v\u0259 DDoS h\u00fccumlar\u0131n\u0131n a\u015fkarlanmas\u0131<\/strong><\/p><\/li><\/ul>

    \u2699\ufe0f \u0130\u015f prinsipi:<\/strong><\/h3>

    ModSecurity HTTP sor\u011fular\u0131n\u0131 (GET, POST, HEADER v\u0259 s.) yoxlay\u0131r v\u0259 t\u0259hl\u00fck\u0259 yarada n\u00fcmun\u0259l\u0259ri<\/strong> \u00f6nc\u0259d\u0259n t\u0259sdiq edilmi\u015f qaydalar toplusu (ruleset)<\/strong> il\u0259 proqram edir. \u018fg\u0259r uy\u011funsuzluq varsa:<\/p>

    • Blok edir,<\/p><\/li>

    • Log fayllar\u0131na yaz\u0131r,<\/p><\/li>

    • Administratoru x\u0259b\u0259rdar edir.<\/p><\/li><\/ul>

      \ud83d\udce6 \u018fn \u00e7ox istifad\u0259 olunan qaydada paketl\u0259ri:<\/strong><\/h3>

      • OWASP \u018fsas Qayda D\u0259sti (CRS):<\/strong> Standart v\u0259 geni\u015f yay\u0131lm\u0131\u015f a\u00e7\u0131q m\u0259nb\u0259li qaydalar toplusudur.<\/p><\/li>

      • Comodo WAF qaydalar\u0131:<\/strong> X\u00fcsusi qaydalar t\u0259qdim ed\u0259n kommersiya versiyas\u0131d\u0131r.<\/p><\/li><\/ul>

        \u2705 \u00dcst\u00fcnl\u00fckl\u0259ri:<\/strong><\/h3>

        • A\u00e7\u0131q m\u0259nb\u0259lidir v\u0259 pulsuzdur.<\/p><\/li>

        • \u00c7ox \u00e7evik qayda mexanizm var.<\/p><\/li>

        • Apache, Nginx v\u0259 IIS il\u0259 i\u015fl\u0259yir.<\/p><\/li>

        • Real vaxtda trafik analizi yaratmaq imkan\u0131.<\/p><\/li><\/ul>

          \u274c \u00c7at\u0131\u015fmazl\u0131qlar\u0131:<\/strong><\/h3>

          • Y\u00fcks\u0259k performans t\u0259l\u0259b ed\u0259n saytlar \u00fc\u00e7\u00fcn i\u015f l\u0259nglik yarada bil\u0259r.<\/p><\/li>

          • Yanl\u0131\u015f (yanl\u0131\u015f m\u00fcsb\u0259t) n\u0259tic\u0259 ola bil\u0259r.<\/p><\/li>

          • Konfiqurasiya v\u0259 qaydalar\u0131n d\u00fczg\u00fcn t\u0259nziml\u0259nm\u0259si t\u0259cr\u00fcb\u0259 t\u0259l\u0259b edir.<\/p><\/li><\/ul>

            \ud83d\udccc N\u0259 \u00fc\u00e7\u00fcn istifad\u0259 olunur?<\/strong><\/h3>

            \u018fg\u0259r bir sayt\u0131n\u0131z varsa v\u0259 etibarl\u0131 sizin \u00fc\u00e7\u00fcn vacibdirs\u0259, ModSecurity sistemini aktivl\u0259\u015fdir\u0259r\u0259k veb t\u0259tbiqinizi bir \u00e7ox t\u0259hl\u00fck\u0259li h\u00fccumdan proaktiv \u015f\u0259kild\u0259 qorumaq<\/strong> m\u00fcmk\u00fcnd\u00fcr.<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>","protected":false},"excerpt":{"rendered":"

            ModSecurity \u2014 veb serverl\u0259r \u00fc\u00e7\u00fcn a\u00e7\u0131q m\u0259nb\u0259 kodlu Web Application Firewall (WAF) sistemidir. Onun \u0259sas funksiyalar\u0131 veb t\u0259tbiql\u0259ri z\u0259r\u0259rli trafikd\u0259n v\u0259 h\u00fccumlardan qorunur. Bu sistem Apache, Nginx v\u0259 IIS kimi m\u0259\u015fhur veb serverl\u0259rl\u0259 birl\u0259\u015fm\u0259 oluna bil\u0259r. \ud83d\udd10 ModSecurity n\u0259 edir? ModSecurity real vaxtda HTTP trafiki analiz edir v\u0259 s\u0131ra hallar\u0131 a\u015fkar edib bloklaya bilir: \u2757 [\u2026]<\/p>","protected":false},"author":1,"featured_media":5611,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[17],"tags":[],"class_list":["post-5610","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cloud-computing"],"_links":{"self":[{"href":"https:\/\/jsnet.biz\/az\/wp-json\/wp\/v2\/posts\/5610","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/jsnet.biz\/az\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/jsnet.biz\/az\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/jsnet.biz\/az\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/jsnet.biz\/az\/wp-json\/wp\/v2\/comments?post=5610"}],"version-history":[{"count":0,"href":"https:\/\/jsnet.biz\/az\/wp-json\/wp\/v2\/posts\/5610\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/jsnet.biz\/az\/wp-json\/wp\/v2\/media\/5611"}],"wp:attachment":[{"href":"https:\/\/jsnet.biz\/az\/wp-json\/wp\/v2\/media?parent=5610"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/jsnet.biz\/az\/wp-json\/wp\/v2\/categories?post=5610"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/jsnet.biz\/az\/wp-json\/wp\/v2\/tags?post=5610"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}