There was not a lot of response to this welcome new project. I'll give you
some food for thought and maybe somebody catches the bait and adds
his own feedback.
I think it's a good idea to keep the rules independent of the Apache Instance.
That way you can have multiple Apaches on the same node and update
the rulebase only once.
I see three types of rules being used:
- Local Rules (These are the rules which apply for all instances)
- Service-Specific rules
Each type has different ID ranges.
Local rules apply to all apache instances. I've been using that to
Put new virtual patching rules into production. These are kept
separate from the core-rules but they are also kept independent
of the Apache instance.
Service-Specific rules go with the apache config of an instance.
If you have a lot of instances, it can make sense to keep two copies of
the core-rules: A detection and a blocking variant.
The apache instance then includes one of the two variants.
While this is dead-simple, it's maybe saner to use ModSec settings to
achieve that goal.
It should be possible to come up with decent pathnames if you look
at the Linux File Hierarchy Standard.
Von: Christian Bockermann [mailto:chris@...]
Gesendet: Donnerstag, 11. November 2010 22:07
An: Mod Security
Cc: AuditConsole List
Betreff: [mod-security-users] The perfect setup
-----BEGIN PGP SIGNED MESSAGE-----
I am writing this request on behalf of my friend Josh and myself. We were
recently discussing a joint project related to ModSecurity and would
like to hear the community opinion about it...
The overall goal of our project is to provide a transparent, standardized
and well-documented ModSecurity configuration layout - "the perfect setup" ;-)
We'd like to make this a community effort, discussing with you some of the
best strategies on
* where to put rules
* where to put data
* how to maintain this with the most consistent effort
* how to backup the configuration
* how to quickly setup new ModSecurity nodes
* ... put your requirement here ...
We know that there will be no consensus on what the perfect setup might be.
If this happens to become in exchange in ModSecurity setup ideas, then this
might also be a benefit.
We'd like to bundle this discussion into packages for major platforms, e.g.
Debian/Ubuntu and RPM-based Linux systems.
Of course, this will be an open-source project.
To find a starting point, we took Ivan's approach from the ModSecurity
Handbook to have a basic directory-layout to start with.
Our goal is to
* Provide a basic directory layout
* Make this layout as generic and automatic updatable as possible
* Provide platform-independent additional tools, scripts, etc, such
as the guardian-log.pl
* Support default settings for remote-logging (e.g. AuditConsole,
Further requirements might be
* Support for distribution of configurations, which should be much
easier when all machines are running the same, standardized layout
* Documentation of customizations
What we're NOT trying to do
This is not going to be a binary distribution package for the ModSecurity
module for all major platforms. We cannot provides this at the current time
and since there are binary packages for all major distributions around this
would be doubled work.
So the focus solely is to provide a directory layout, basic configuration
guidelines and a concept for maintenance.
So far, we're currently at the beginning of the process and would love to
take initial effort to gather community experiences and contributions :-)
The first step is to gather a list of basic requirements and directory
If anyone is interested in taking part, giving suggestions, then either
send them to the list contact Josh (jamuse@...) or me (chris@...)
or subscribe to our mailing-list at
(see https://secure.jwall.org/mailman/listinfo/jwall-modsecurity )
Chris & Josh
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.8 (Darwin)
-----END PGP SIGNATURE-----
Centralized Desktop Delivery: Dell and VMware Reference Architecture
Simplifying enterprise desktop deployment and management using
Dell EqualLogic storage and VMware View: A highly scalable, end-to-end
client virtualization framework. Read more!
mod-security-users mailing list
Commercial ModSecurity Appliances, Rule Sets and Support: