Re: [mod-security-users] Which Rules to use?
Brought to you by:
victorhora,
zimmerletw
From: Ivan R. <iv...@we...> - 2005-08-03 09:09:00
|
Alex wrote: > Hello, > > we´re using Plesk 7.5 for Unix on Fedora Core2 Server, and my question is: > > Which rules is prefered to us: > > Application protection rules > UserAgent rules > Comment spam rules > RootKit/Owned boxes blacklist > Proxy scan rules > Additional Apache 2.x rules > > Must we all take to the httpd.conf? There is no such thing as the "right set". The answer is different for each Apache installation. If you don't have the time to look into the rules, understand them, monitor their effectivenes and customise them for your needs - you are much better not running mod_security. -- Ivan Ristic Apache Security (O'Reilly) - http://www.apachesecurity.net Open source web application firewall - http://www.modsecurity.org |