Thread: [mod-security-users] New to mod_security
Brought to you by:
victorhora,
zimmerletw
From: Altec <alt...@ya...> - 2004-06-23 00:00:12
|
Hi, First, thank you VERY MUCH for giving us such a great tool! It looks like there's httpd.conf.example.minimal to help us get started and httpd.conf.regression-v2 that contains some additional rules (but mixed with test-only rules). I was wondering if Ivan Ristic or other experienced mod_security users would be kind enough to post something more aggressive than httpd.conf.example.minimal but practical/proven enough to use "as-is" on a production public web server. |
From: Ivan R. <iv...@we...> - 2004-06-28 09:11:33
|
> I was wondering if Ivan Ristic or other experienced mod_security users > would be kind enough to post something more aggressive than > httpd.conf.example.minimal but practical/proven enough to use "as-is" on > a production public web server. I don't, at least not at this time. Yours is the first request for more aggressive rules :) Most problems I've dealt with in the past are with users being over-protective with their servers and preventing applications from working properly. But I've been thinking about a mod_security HOWTO for some time now and I expect to write it fairly soon. -- ModSecurity (http://www.modsecurity.org) [ Open source IDS for Web applications ] |