[Fedora-sysadmin-list] Web Security
Paulo Santos
santosp at fedoraproject.org
Mon Nov 24 10:51:12 UTC 2008
Hi Damian,
Those look good to me, and you might want to add some extra ones just to
start.

# Log only relevant entries and log it
SecAuditEngine RelevantOnly
SecAuditLog /var/log/httpd/modsec_audit.log
# Filter only dynamic content (to minimize performance impact); should be
# tested to be sure that it does what is expected
SecFilterEngine DynamicOnly

Just my 2 cents :)
Paulo
2008/11/21 Dennis Gilmore <dennis at ausil.us>
> forwarding to the correct list
>
> ---------- Forwarded Message ----------
>
> Subject: [Fedora-sysadmin-list] Web Security
> Date: Friday 21 November 2008
> From: "Damian Myerscough" <damian.myerscough at gmail.com>
> To: "Fedora Administration and Infrastructure project" <fedora-sysadmin-list at redhat.com>
> Hello All,
>
> I have managed to get a bit of free time to create some simple rules for
> mod_security which would be suitable for the web servers which we are
> currently running. I have written some generic rules which should be
> compatible with all the web servers. However, we could write rules which
> are much stricter for the web applications that are hosted off the web
> servers.
>
> Let me know what people think about the rules that I have attached.
>
> Just a note, the final rule should point to maybe a security notice... it
> would currently just redirect users to fedoraproject.org.
>
> --
> Regards,
> Damian Myerscough
>
> -------------------------------------------------------
>