Vulture allows you to filter incoming and outgoing web traffic and block threats such as injection, cross-site scripting… and other attacks from the OWASP Top 10.
It relies on mod_security, mod_defender (a fork of Naxsi), and mod_svm (machine learning based on Support Vector Machines) to filter HTTP traffic.
mod_security has been improved to fit Vulture’s clustered design. mod_svm is the exclusive property of aDvens, and freely usable in Vulture. mod_defender is freely available under a GPLv3 licence: https://github.com/VultureProject/mod_defender
All these filtering engines work together, and you don’t have the complexity of managing 3 different engines: everything is simplified in the Vulture GUI. Another cool benefit of having mod_security and mod_defender is that you can create rulesets that mix Naxsi’s syntax and mod_security’s syntax, depending on what you want to achieve.
If an “abnormal request” is detected, mod_security, mod_svm or mod_defender will increment the score of the request. If the request score reaches the maximum accepted score, Vulture blocks the request.
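The shared-score model described above, as an added example that is not Vulture's code: a blacklist-style engine and a whitelist-style engine each add to one request score, and the request is blocked only when the total reaches the maximum. The rules, score values, threshold and function names are all constructed for illustration, and mod_svm is not modeled.

```python
import re
from urllib.parse import parse_qsl

MAX_SCORE = 8  # assumed maximum accepted score, not a Vulture default

# Blacklist engine (mod_security style): known-bad signatures add to the score.
BLACKLIST = [
    (re.compile(r"(?i)\bunion\b.+\bselect\b"), 5, "sql keyword sequence"),
    (re.compile(r"(?i)<script\b"), 5, "script tag"),
]

# Whitelist engine (Naxsi style): generic suspicious tokens score everywhere,
# except where policy explicitly whitelists them for a given parameter.
GENERIC = {"'": 4, "<": 4, "--": 4}
WHITELIST = {("comment", "'")}  # constructed (parameter, token) exceptions


def blacklist_engine(params):
    """Score every parameter value that matches a known-bad signature."""
    return [(s, f"blacklist: {msg} in {k}") for k, v in params
            for rx, s, msg in BLACKLIST if rx.search(v)]


def whitelist_engine(params):
    """Score generic tokens unless whitelisted for that parameter."""
    return [(s, f"whitelist: {tok!r} in {k}") for k, v in params
            for tok, s in GENERIC.items()
            if tok in v and (k, tok) not in WHITELIST]


def evaluate(query_string):
    """Return (score, blocked, reasons) for one request's query string."""
    params = parse_qsl(query_string, keep_blank_values=True)
    hits = blacklist_engine(params) + whitelist_engine(params)
    score = sum(s for s, _ in hits)
    return score, score >= MAX_SCORE, [reason for _, reason in hits]


if __name__ == "__main__":
    # Constructed sample requests.
    for qs in ("q=shoes&page=2", "comment=it%27s+great",
               "name=O%27Brien", "id=1%27+union+select+1"):
        print(qs, "->", evaluate(qs))
```

In the last sample neither engine reaches the threshold alone (5 and 4); the request is blocked only because both contribute to the same score.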
Vulture WAF Modules and Engines
Web Application Firewall modules:
1. Clustered mod_security, using hiredis [blacklisting]
2. mod_defender, aka “Naxsi for Apache2” [whitelisting]
3. mod_svm [machine learning]