[mod-security-users] RE: [Modsecurity] Soliciting Feature Requests

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 454-5900

Difficult. For me, it would be really on a per application basis, so for
instance, a php_phpbb_rules.conf with only rules that  address specific
phpBB(2) vulnerabilities. And of course, one general php_rules.conf which
addresses some broad php-issues.

Doing it like that would make rules much more easy to manage, and in broader
terms, make them more efficient to use. Big downside is, that for people
hosting say a 1000 domains on one machine, it won't work, because they
cannot always know which applications each of their customers is using. (not
to mention that having 100 includes in your httpd.conf is also not a good
idea). 

A sollution would be to make a semi-intelligent script, which can build a
ruleset.conf from several smaller files and takes options to include or
exclude specific application rulesets. A start would be to split rules up on
a language basis, e.g. separate files for php, perl, coldfusion, asp,
python, etc, etc.

Kind Regards,
Sander Holthaus

Michael Shinn wrote:
> Also an excellent idea Sander.  Any particular way(s) you
> would like to see them broken out?
> 
> On Fri, 2005-08-05 at 04:01 +0200, Sander Holthaus - Orange XL wrote:
>> I would like to see the rule-sets broken down to application specific
>> rulesets and a few general rulesets. Currently, some of the rulesets
>> are way to big and because of this, a lot of double entries exists.
>> 
>> There are a few scripts which do something similiar for downloading
>> custom SpamAssassin rulesets. 
>> 
>> Kind Regards,
>> Sander Holthaus
>> 
>> 
>> 
> ______________________________________________________________
>>         From: mod...@go...
>>         [mailto:mod...@go...] On Behalf Of David 
>>         Pinard Sent: Friday, August 05, 2005 3:42 AM
>>         To: mod...@go...
>>         Subject: Fwd: [Modsecurity] Soliciting Feature Requests
>> 
>> 
>> 
>>         >So, just in case everyone is not aware of this, please
>>         don't         be afraid >to solicit feature requests from
>>         me, for either the rules or         modsecurity >itself. 
>>         I'm always happy to add something new to either and        
>> ultimately >the best ideas come from you guys!  :-) 
>> 
>>         It would be nice to have a way to automatically exclude rules
>>         that are unneeded or too restrictive.  At the simplest level,
>>         a unique rule id# as the first part of the comment would
>>         allow a script to be written to remark out the corresponding
>>         rule in the appropriate config file.  Each config file could
>>         have its own range of rule id's.  I was thinking of writing
>>         a script to try and do this off of the existing files,
>>         however one simple change to the rule or comment would
>>         render this useless. Ideally I could automate the entire
>>         process to pull updates via a cron job and not have to worry
>>         about breaking sites.  If a new rule is introduced that is
>>         incompatible, you'd just need to put it's ID# in the exclude
>> file and rerun the script. 
>> 
>>         Has anyone already done anything like this?  Or is there a
>>         better way to accomplish the same thing?
>> 
>>         Thanks! -Dave
>> 
>>         --
>>         Support our Education reform efforts at:
>>         www.dumpcms.com
>>         savecmskids.blogspot.com
>> _______________________________________________
>> Modsecurity mailing list
>> Mod...@go...
>> http://lists.gotroot.com/mailman/listinfo/modsecurity