[Fedora-sysadmin-list] Web Security
damian.myerscough at gmail.com
Mon Nov 24 11:58:55 UTC 2008
I will add the extra fields and set up a virtual machine on my local host and use
the Apache benchmark utility to simulate high levels of traffic.
2008/11/24 Paulo Santos <santosp at fedoraproject.org>:
> Hi Damian,
> Those look good to me, and you might want to add some extra ones just to
> # Log only relevant entries and log it
> SecAuditEngine RelevantOnly
> SecAuditLog /var/log/httpd/modsec_audit.log
> # Filter only Dynamic content (to minimize performance impact) should be
> # tested to be sure that it does what is expected
> SecFilter DynamicOnly
> Just my 2 cents :)
> 2008/11/21 Dennis Gilmore <dennis at ausil.us>
>> forwarding to the correct list
>> ---------- Forwarded Message ----------
>> Subject: [Fedora-sysadmin-list] Web Security
>> Date: Friday 21 November 2008
>> From: "Damian Myerscough" <damian.myerscough at gmail.com>
>> To: "Fedora Administration and Infrastructure project" <fedora-sysadmin-list at redhat.com>
>> Hello All,
>> I have managed to get a bit of free time to create some simple rules
>> for mod_security which would be suitable for the web servers which we
>> are currently running. I have written some generic rules which should be
>> compatible with all the web servers. However, we could write rules which
>> are much stricter for the web applications that are hosted off the web
>> servers.
>> Let me know what people think about the rules that I have attached.
>> Just a note, the final rule should point to maybe a security notice...
>> it would currently just redirect users to fedoraproject.org.
>> Damian Myerscough