Thread: [mod-security-users] Question about iptables
From: Jose P. V. L. <pab...@gm...> - 2013-09-18 17:08:00
First of all, sorry to post here, but I believe that mod_security with iptables makes it harder for hackers to gain access to resources.

I was wondering if someone could tell me whether he/she has been able to use the iptables string module with the hitcount module. Why? Easy to answer. You could limit access to PHP forms using string (but for performance Deep Packet Inspection is not the best approach) and using hit counting.

You could block more than 5 chances to gain access to example_form.php.

Is it a bad idea? Does ModSecurity have brute-force rules?

I know that you can develop new rules to approach this solution or use some other alternatives such as captchas or honeypot fields.

Kind regards.
From: Jose P. V. L. <pab...@gm...> - 2013-09-18 19:17:26
Thanks Reindl :).

Kind Regards

On 18/09/2013 19:44, "Reindl Harald" <h.r...@th...> wrote:

> On 18.09.2013 19:07, Jose Pablo Valcárcel Lázaro wrote:
> > First of all, sorry to post here, but I believe that mod_security with iptables makes harder for hackers to gain
> > resources access.
> >
> > I was wondering if someone could tell me if he/she has be able to use iptables strings modules with hitcount
> > modules. Why? Easy to answer. You could be able to limit access to php forms using string (but for performance Deep
> > Packet Inspection is not the best approach) and using hitting count.
> >
> > You could block more than 5 chances to gain access to example_form.php.
> >
> > Is it a bad idea? Mod security has brute-force rules?
> >
> > I know that you can develop new rules to approach this solution or use some other alternatives as captchas or
> > honeypots fields.
>
> generally whatever can be done in the earliest possible layer should be done there
> security is always a layered thing (network, firewall, application firewall, application)
>
> things like rate-control and limit concurrent connections from a source-ip
> should be done in iptables or if possible even a device before the server
>
> it *can* be done with modsec, but where ever you can catch attacks a layer before do so
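An added example, not code from any poster in this thread: a shell function that prints an iptables-restore ruleset combining the string and recent (hitcount) matches the first message asks about, allowing 5 POSTs to example_form.php per source address per window. It assumes plaintext HTTP (the string match cannot see inside TLS) with the request line in a single packet; the 60-second window, the function name, the chain name FORM_LIMIT and the list name formhits are made up for the example.

```shell
#!/bin/sh
# Added example: print an iptables-restore ruleset that rejects a source IP
# after MAX plaintext POSTs to one form path within WINDOW seconds.
# Usage: form_limit_rules PATH MAX WINDOW [PORT]
# (form_limit_rules, FORM_LIMIT and formhits are names made up for this example)
form_limit_rules() {
    path=$1; max=$2; window=$3; port=${4:-80}
    # Only plain digits and a conservative path alphabet, so nothing the
    # caller passes can inject extra options into the generated rules.
    for n in "$max" "$window" "$port"; do
        case $n in ''|*[!0-9]*) echo "not a number: $n" >&2; return 1 ;; esac
    done
    case $path in
        /*) ;;
        *) echo "path must start with /" >&2; return 1 ;;
    esac
    case $path in
        *[!A-Za-z0-9/._-]*) echo "unsupported character in path" >&2; return 1 ;;
    esac
    # xt_recent keeps ip_pkt_list_tot timestamps per address (module default
    # 20), so a hitcount above that cannot be satisfied.
    pkt_list_tot=20
    hitcount=$((max + 1))   # the (max+1)th POST in the window is rejected
    if [ "$hitcount" -gt "$pkt_list_tot" ]; then
        echo "max must be at most $((pkt_list_tot - 1))" >&2
        return 1
    fi
    cat <<EOF
*filter
:FORM_LIMIT - [0:0]
-A INPUT -p tcp --dport $port -m string --algo bm --string "POST $path" -j FORM_LIMIT
-A FORM_LIMIT -m recent --name formhits --set
-A FORM_LIMIT -p tcp -m recent --name formhits --update --seconds $window --hitcount $hitcount -j REJECT --reject-with tcp-reset
-A FORM_LIMIT -j RETURN
COMMIT
EOF
}

# Review the output, then load it with: iptables-restore --noflush --test
form_limit_rules /example_form.php 5 60
```

The tcp-reset reject is used instead of DROP so that a blocked client does not retransmit the same segment and inflate its own hit count.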