Re: Apache mode_security

[Stefano Di Paola <stefano.dipaola () wisec it>]

Hi all,

I wrote down some little thoughts about the generation of rules for
mod_security...specifically about the generation and integration of
white list rules within old fashion general-purpose anti injection
blacklist rules..
Everyone can have a look and comment here:
http://www.wisec.it/sectou.php?lang=en

Title: Application Firewalls and Black/Whitelisting approach.

Hope you'll find it useful.
Any comments are welcome.

Regards

Stefano Di Paola


Il giorno mer, 16-11-2005 alle 14:55 +0000, Ivan Ristic ha scritto:
> A collection of generic detection-only rules will be released on
> modsecurity.org some time next week. This collection will then be
> included with ModSecurity starting with 2.0. If you (or anyone else on
> the list, for that matter) want to evaluate the rules before their
> publication please send me a private email. I am looking for people
> running complex web applications able to provide raw logs or run
> ModSecurity in detection-only mode. The idea is to weed out the
> remaining false positives before the rule set hits the public.
>
> On 11/16/05, Serg Belokamen <serg.belokamen () gmail com> wrote:
> > I am look at mod_security module for Apache... looks interesting so far.
> >
> > Can anyone point me in the right direction, URL perhaps, in regards to
> > regular expression list (if one exists) to detect common attacks over
> > HTTP (SQL injections, XSS, etc.)
> >
> >    Thanks,
> >       Serg
>
> --
> Ivan Ristic
> Apache Security (O'Reilly) - http://www.apachesecurity.net
> Open source web application firewall - http://www.modsecurity.org
-- 

......---oOOo--------oOOo---......
Stefano Di Paola
Software Engineer
Email: stefano.dipaola_at_wisec.it
Email: stefano.dipaola1_at_tin.it
Web: www.wisec.it
..................................