forwarding to the correct list
---------- Forwarded Message ----------
Subject: [Fedora-sysadmin-list] Web Security
Date: Friday 21 November 2008
From: "Damian Myerscough" damian.myerscough@gmail.com
To: "Fedora Administration and Infrastructure project" <fedora-sysadmin-list@redhat.com>

Hello All,
I have managed to get a bit of free time to create some simple rules for mod_security which would be suitable for the web servers which we are currently running. I have written some generic rules which should be compatible with all the web servers. However, we could write rules which are much stricter for the web applications that are hosted off the web servers.
Let me know what people think about the rules that I have attached.
Just a note, the final rule should point to maybe a security notice... it would currently just redirect users to fedoraproject.org.
Hi Damian,
Those look good to me, and you might want to add some extra ones just to start.
# Log only relevant entries and log it
SecAuditEngine RelevantOnly
SecAuditLog /var/log/httpd/modsec_audit.log

# Filter only Dynamic content (to minimize performance impact)
# should be tested to be sure that it does what is expected
SecFilterEngine DynamicOnly
Just my 2 cents :)
Paulo
Fedora-infrastructure-list mailing list Fedora-infrastructure-list@redhat.com https://www.redhat.com/mailman/listinfo/fedora-infrastructure-list
Hello Paulo,
I will add the extra fields and set up a virtual machine on my local host and use the Apache benchmark utility to simulate high levels of traffic.
2008/11/24 Paulo Santos santosp@fedoraproject.org:
> Hi Damian,
>
> Those look good to me, and you might want to add some extra ones just to start.
>
> # Log only relevant entries and log it
> SecAuditEngine RelevantOnly
> SecAuditLog /var/log/httpd/modsec_audit.log
>
> # Filter only Dynamic content (to minimize performance impact)
> # should be tested to be sure that it does what is expected
> SecFilterEngine DynamicOnly
>
> Just my 2 cents :)
>
> Paulo