Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:
edgeos



WebApp Sec: RE: Tool like IISLockdown or URLScan

RE: Tool like IISLockdown or URLScan

From: Dawes, Rogan (ZA - Johannesburg) <rdawes_at_deloitte.co.za>
Date: Tue, 1 Jul 2003 17:55:05 +0200

Try mod_security

>From Ivan Ristic's email to this list on the 30th May :

Mod_security 1.5 has been released. It is immediately available for
download from:

    http://www.modsecurity.org/download/

This is a major release, containing significant new
functionality. The most important changes are: Apache 2.x
compatibility, new web site, and comprehensive manual.

About mod_security
------------------
Mod_security is an Apache module whose purpose is to protect
vulnerable applications and reject human or automated attacks.
It is an open source intrusion detection and prevention system
for Apache. In addition to request filtering, it also creates Web
application audit logs. Requests are filtered using regular
expressions. Some of the things possible are:

  * Apply filters against any part of the request (URI,
    headers, either GET or POST)
  * Apply filters against individual parameters
  * Reject SQL injection attacks
  * Reject Cross site scripting attacks

With few general rules mod_security can protect from both
known and unknown vulnerabilities.

Changes (v1.5)
--------------

  * Apache 2.x compatibility

  * Added SecFilterInheritance

  * Added SecFilterByteRange

  * Added SecFilterCheckURLEncoding

  * A few bug fixes

  * New web site @ www.modsecurity.org

  * Comprehensive manual

> -----Original Message-----
> From: John Madden [mailto:chiwawa999_at_yahoo.com]
> Sent: 01 July 2003 05:23 PM
> To: webappsec_at_securityfocus.com
> Subject: Tool like IISLockdown or URLScan
>
>
> Hi,
>
> Is there a tool available that will have the same
> functionalities or close to it as IISLockdown or
> URLScan for Apache ? I know of CGIWrap but that's only
> CGI's, im looking for a tool to secure Apache...
>
> Thank you
>
> __________________________________
> Do you Yahoo!?
> SBC Yahoo! DSL - Now only $29.95 per month!
> http://sbc.yahoo.com
>

Important Notice: This email is subject to important restrictions, qualifications and disclaimers ("the Disclaimer") that must be accessed and read by clicking here or by copying and pasting the following address into your Internet browser's address bar: http://www.Deloitte.co.za/Disc.htm. The Disclaimer is deemed to form part of the content of this email in terms of Section 11 of the Electronic Communications and Transactions Act, 25 of 2002. If you cannot access the Disclaimer, please obtain a copy thereof from us by sending an email to ClientServiceCentre@Deloitte.co.za.
Received on Jul 01 2003

[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
edgeos