Portsmith is an application-based firewall that is designed to interact with authorized users, and offers an easy-to-use browser driven interface. Portsmith's unique features include its core logic and its interface. Its logic specifies that ports are kept in a closed position until an authorized user logs into the Portsmith interface and triggers them open. When opened, the ports are only accessible from the authorized user's current IP address.
libapache2-mod-scramble-ip is an Apache 2 module that works like mod_removeip, but instead of just overwriting the IP address with 127.0.0.1, it encrypts the IP address. This way you always get an IP address to work with (in scripts, etc.) and have the ability to use tools like awstats to analyze your logs. It's in alpha status, but working on some Apache 2 servers, and the 'cost' (load) should be small and reasonable.
check_websites is a very simple virus scanner for Web sites. It checks a document root directory for files with the .js extension and for codewords which might be a hint of defacement or SQL injection. This tool is made to run as a cronjob. There's no output on the screen, but it generates a logfile and mails output.
For high traffic Web sites, Proto Balance Advanced provides connection rate limiting per second and limits the total number of connections. Both are done on a per-client basis. It has a complete Web configuration interface. The IP address of each connecting Web browser is recorded along with its connection stats. It is scalable to millions of clients and handles 10,000 concurrent connections. It performs server backend load balancing with an on-the-fly capability to add and remove servers. Daily and weekly traffic graphs are shown.
Proto Balance SSL negotiates an SSL connection and forwards the plain HTTP connection to your Web server. Certificate management like request generation, vendor certificate installation, and key generation are all done from an easy-to-use Web interface. It load balances connections over multiple Web servers. It performs 1000 SSL transaction per second. Traffic management and on-the-fly redirection of traffic. On-the-fly adding and removal of servers. Traffic accounting and client-connection-rate limits. Denial of server protection. Layer 7 inspection and X-Forwarded-For support.
mod_auth_pubtkt is a simple Web single sign-on (SSO) solution for Apache. It validates authentication tickets provided by the client in a cookie using public-key cryptography (DSA or RSA). Thus, only the login server that generates the tickets needs to possess the private key, while Web servers can verify tickets given only the public key. The implementation of the login server is left to the user, but an example and a library in PHP are provided with the distribution.
MultiLoad is a load balancer that redirects HTTP requests to pre-defined servers/locations. It gives the provider a way to balance the traffic and hides the real download location. It allows you to manage different version of each download. It is also a load balancing server extension. You can distribute files on some servers so that a downloaded file can be loaded form different servers. These servers can have different priorities to control the active traffic.
mod_sesehe is an Apache module that disguises and removes the "Server: " HTTP header from responses. This allows you to hide certain information about the server. This also allows more accurate information to be provided if Apache is configured as a reverse proxy and a malformed request is received. Although sending the Server header in HTTP responses is not defined as a MUST in RFC 2616, the Apache HTTP Server does not otherwise allow you to disable sending this header via its configuration.
AppSamurai is a mod_perl based system to protect vulnerable or sensitive Web applications. The target use is in reverse proxy configurations, with an Apache/mod_perl reverse proxy inside a DMZ and a backend Web server in another DMZ or an internal network. AppSamurai's features include a modular, multi-factor authentication system, form based or basic auth based logins, encrypted storage of session data on a proxy, the ability to use any Apache::Session storage type (including databases for clustered deployment), and the ability to configure it from httpd.conf.