modsecurity for Apache

Do you have a question? Post it now! No Registration Necessary.  Now with pictures!

Threaded View
Just looking for experienced Admins that have worked with modsecurity
on fedora; /

What kinds of problems have you run into?

Have you still been penetrated even though you have this module

Can you share some configs for apache 1.3/2.0?

Before I started setting this up I wanted to get some real world
experience stories from SA's in the trenches that have had success or
failure using this mod.

I'll be sure to share my experiences (if anybody cares) once I feel I
have covered all my bases.

Thanks for your input.

Re: modsecurity for Apache

On Tue, 24 May 2005 15:26:29 -0400, astrobelt wrote:


Quoted text here. Click to load it

I think you may want to rephrase that ;)

Tayo'y Mga Pinoy

Re: modsecurity for Apache

Quoted text here. Click to load it

Not sure how much help I can be, but my experience with mod_security is
good.  I haven't run into any real issues, and have seen it deny and
log a number of spurious web requests.  Granted, my configuration is
relatively simple, but it works as advertised and I find it to be a
valuable component of a defense-in-depth strategy.


Scott Lowe

Re: modsecurity for Apache

Quoted text here. Click to load it

It also makes chrooting Apache a little easier. And chroot is always a
good thing...


Site Timeline