Re: [mod-security-users] OWA ruleset?
Brought to you by:
victorhora,
zimmerletw
From: Christian B. <ch...@jw...> - 2007-03-27 11:03:22
|
Hi Arthur! You probably think of a positive model of your web access application. I do not know about any profile for protection OWA. Most likely you can get a start with the modsecurity core ruleset which follows a different approach by matching known attack-patterns and customize that in order to fit your application. The core ruleset is not restricted to a specific application and should provide you with a basic protection against the most common attacks. When trying this you can make the rule-engine of modsecurity work in detection-only mode to just log malicious requests and monitor your application for a while. This way you can track down possible false-positives and customize the ruleset for your application without breaking its functionality. If you want to create a positive model you might want to have a look at the REMO ruleset editor which aims at exactly this task. REMO can be found at http://remo.netnea.com Regards, Chris Am 27.03.2007 um 11:39 schrieb Arthur Fonzarelli: > Hi there, > > I'm searching for a ModSecurity2 ruleset that protects my Outlook > Web Access > installation. Are there any available? > > Regards, > > Arthur > > > ---------------------------------------------------------------------- > --- > Take Surveys. Earn Cash. Influence the Future of IT > Join SourceForge.net's Techsay panel and you'll get the chance to > share your > opinions on IT & business topics through brief surveys-and earn cash > http://www.techsay.com/default.php? > page=join.php&p=sourceforge&CID=DEVDEV > _______________________________________________ > mod-security-users mailing list > mod...@li... > https://lists.sourceforge.net/lists/listinfo/mod-security-users |