[Fedora-sysadmin-list] Web Security

Paulo Santos santosp at fedoraproject.org
Mon Nov 24 10:51:12 UTC 2008

Hi Damian,

Those look good to me, and you might want to add some extra ones just to

# Log only relevant entries and log it
SecAuditEngine RelevantOnly
SecAuditLog /var/log/httpd/modsec_audit.log

# Filter only Dynamic content (to minimize performance impact) should be
tested to be sure that it does what is expected
SecFilter DynamicOnly

Just my 2 cents :)


2008/11/21 Dennis Gilmore <dennis at ausil.us>

> forwarding to the correct list
> ----------  Forwarded Message  ----------
> Subject: [Fedora-sysadmin-list] Web Security
> Date: Friday 21 November 2008
> From: "Damian Myerscough" <damian.myerscough at gmail.com>
> To: "Fedora Administration and Infrastructure project" <fedora-sysadmin-
> list at redhat.com>
> Hello All,
> I have managed to get a bit of free time to create some simple rules
> for mod_security
> which would be suitable for the web servers which we are currently
> running. I have wrote
> some generic rules which should be compatible with all the web
> servers. However, we could
> write rules which are much stricter for the web applications that are
> hosted off the web servers.
> Let me know what people think about the rules that I have attached.
> Just a note, the final rule should point to maybe a security notice...
> it would currently just redirect users
> to fedoraproject.org.
> --
> Regards,
> Damian Myerscough
> -------------------------------------------------------
> _______________________________________________
> Fedora-infrastructure-list mailing list
> Fedora-infrastructure-list at redhat.com
> https://www.redhat.com/mailman/listinfo/fedora-infrastructure-list
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.fedoraproject.org/pipermail/infrastructure/attachments/20081124/51b552e4/attachment.html 

More information about the infrastructure mailing list