[mod-security-users] ModSecurity Rules subproject is now live
Brought to you by:
victorhora,
zimmerletw
From: Ivan R. <iv...@we...> - 2006-01-03 14:34:33
|
I've just made the ModSecurity Rules subproject live. The rules are available for download straight away: http://www.modsecurity.org/projects/rules/ At the moment the rules consist of two parts: 1) Hardening rules, in a form of a ModSecurity deployment guide. 2) Rules to detect common web application attacks, designed to use ModSecurity as an web intrusion detection tool. I am open to the idea of having part 3 for rules that deal with specific application vulnerabilities. However, I don't have much time to do this myself. I was wondering if there are any list members that would be interested in contributing the rules as the vulnerabilities are made public? Although such specific rules are interesting for their base value, if properly documented they can be very interesting as mini case studies and allow new users to understand how ModSecurity can be used. -- Ivan Ristic Apache Security (O'Reilly) - http://www.apachesecurity.net Open source web application firewall - http://www.modsecurity.org |