[mod-security-users] ModSecurity Standard rule set
Brought to you by:
victorhora,
zimmerletw
From: Ivan R. <iv...@we...> - 2005-11-19 20:18:13
|
For some time now I have wanted to start distributing ModSecurity together with a set of "standard" rules. I think it is only possible to have such a set for detect-only mode. Otherwise there would simply be too many false positives. I also do not expect these rules to be effective as a protection/detection for content management systems, but standard business-like application should be fine. Anyway, I have a set of candidate rules but I'd like them to be tested more before they are "unleashed" to the public. If you are running a complex web application and you are willing to help please send me an email to my private email address. -- Ivan Ristic Apache Security (O'Reilly) - http://www.apachesecurity.net Open source web application firewall - http://www.modsecurity.org |