Hi all,
I wrote down some little thoughts about the generation of rules for
mod_security...specifically about the generation and integration of
white list rules within old fashion general-purpose anti injection
blacklist rules..
Everyone can have a look and comment here:
http://www.wisec.it/sectou.php?lang=en
Title: Application Firewalls and Black/Whitelisting approach.
Hope you'll find it useful.
Any comments are welcome.
Regards
Stefano Di Paola
Il giorno mer, 16-11-2005 alle 14:55 +0000, Ivan Ristic ha scritto:
A collection of generic detection-only rules will be released on
modsecurity.org some time next week. This collection will then be
included with ModSecurity starting with 2.0. If you (or anyone else on
the list, for that matter) want to evaluate the rules before their
publication please send me a private email. I am looking for people
running complex web applications able to provide raw logs or run
ModSecurity in detection-only mode. The idea is to weed out the
remaining false positives before the rule set hits the public.
On 11/16/05, Serg Belokamen <serg.belokamen@gmail.com> wrote:
I am look at mod_security module for Apache... looks interesting so far.
Can anyone point me in the right direction, URL perhaps, in regards to
regular expression list (if one exists) to detect common attacks over
HTTP (SQL injections, XSS, etc.)
Thanks,
Serg
--
Ivan Ristic
Apache Security (O'Reilly) - http://www.apachesecurity.net
Open source web application firewall - http://www.modsecurity.org
--
......---oOOo--------oOOo---......
Stefano Di Paola
Software Engineer
Email: stefano.dipaola_at_wisec.it
Email: stefano.dipaola1_at_tin.it
Web: www.wisec.it
..................................
