Snort mailing list archives
Snort + Apache modules.
From: Rudi Starcevic <rudi () oasis net au>
Date: Fri, 10 Oct 2003 17:44:33 +1000
Hi,As I'm a Web Developer I have an keen interest in protecting my web apps using Apache.
Snort is an amazing way to help me do this.But I'd like to ask other Snort users if you also use Apache securtiy modules along with your Snort installation(s).
I've listed some Apache modules below and would really appreciate any comments on which modules you would recommend or not bother with and allow Snort to fill that particular security role.
Apache modules ( sourced from http://www.modsecurity.org )* mod_security; many features - includes POST analyse. * mod_throttle; intended to reduce the load on your server & bandwidth generated by popular virtual hosts, directories, locations, or users according to supported polices (see below) that decide when to delay or refuse requests. * mod_bandwidth; enable the setting of server-wide or per connection bandwidth limits, based on the directory, size of files and remote IP/domain. * mod_require_host; This module will reject requests that fail to provide either a Host: header or an absolute URI as required by RFC 2616 section 5.1.2.
* mod_ibl; allows certain requests. * mod_id; blocks certain requests. * mod_wormwall, mod_fortress fork; blocks and logs certain requests.* mod_dosevasive; Maintains an internal table of IP addresses and URLs and denies repeated requests for the same URL from the same IP address, blacklisting the address for 10-seconds per extraneous request. * mod_protection, homepage unavailable, can be downloaded from http://packetstormsecurity.nl/groups/twlc/mod_protection-0.0.2.tar.gz
* mod_fortress; blocks and logs certain requests..* mod_iprotect, closed source; prevents many clients from using the same username & password for authentication. Also protects from brute force password cracking. * mod_refprotect, commercial (delivered with source code); allows access only from a selected list of referrers. * mod_hackprotect , commercial (delivered with source code); Detects brute-force attempts to guess passwords. * mod_hackdetect, commercial (delivered with source code); Detects user accounts which have been hacked or for which passwords have been leaked, and then runs a custom script to de-activate the user account and/or notify the webmaster.
Many thanks Best regards Rudi. ------------------------------------------------------- This SF.net email is sponsored by: SF.net Giveback Program. SourceForge.net hosts over 70,000 Open Source Projects. See the people who have HELPED US provide better services: Click here: http://sourceforge.net/supporters.php _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Snort + Apache modules. Rudi Starcevic (Oct 10)