Re: [mod-security-users] My planned usability improvements for ModSecurity 2.6
From: Brian R. <Bri...@br...> - 2009-11-17 17:47:18
chr...@po... wrote:
> Hi there,
>
> No worries about MODSEC-26. It's a huge task and I understand if it is postponed.
> Especially given the selection of lower hanging fruits that have been listed by you
> already.
>
> As for MODSEC-56: Your comment to the bug report gives me the impression
> that a typical use-case stands in the way of fixing an anomaly. I perfectly
> understand the configuration vs. run-time change background, but still...
>
> Would alphanumeric id-tags help to come up with a slightly adjusted use-case
> replacing a rule id with say "950004-new"?

There is still a fundamental flaw in doing this (i.e. replacing a rule). The problem is that the rule is not added back into the same order.

Personally, I think a lot of the rule execution engine needs to be enhanced and possibly replaced with something that is much more efficient and easier for users to do exceptions and modifications.

I want to be able to modify/replace any aspect of the rule at both config time and runtime without affecting ordering of the rules. Any modifications to the rules should be auditable (i.e. it can be logged when a rule is modified -- especially at runtime -- so that an analyst can see what is happening).

Some examples:

* Insert a rule before/after another one
* Add/remove a chain to a rule
* Updating the rule target list to add/exclude a target
* Updating the rule transformation based on other runtime data
* Adding logging/debugging/ctl actions to a set of rules
* Changing phase of a rule
* Automatic phase determination (earliest phase) when there is none specified

What do you find yourself doing most often and how could that be enhanced?

-B

--
Brian Rectanus
Breach Security