From: Luigi R. <li...@lu...> - 2011-12-29 06:16:42
Yaroslav Halchenko said the following on 28/12/11 22:38:

>> You are looking for a WAF, take a look at OpenWAF http://openwaf.org/
> hm :-/ modsecurity http://www.modsecurity.org/ or Google "apache waf"

There are a lot of HTTP attack patterns not logged to access log or error log.

For instance all the attacks that inject bogus headers; if I remember correctly, recent KillApache.pl tool uses this type of vector and a log analysis is worthless to block this attack before the damage is done (if Apache is vulnerable)

Ciao,
luigi

--
/
+--[Luigi Rosa]--
\

It takes both a weapon and two people to commit a murder.
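
An added example, not part of the original message: a small renderer for Apache `LogFormat` strings showing that two requests differing only in an extra header produce identical "combined" access-log lines. The requests, the `X-Injected` header name and the assumption that both get the same response are constructed for illustration.

```python
import re

# Apache's standard "combined" format, and a variant that also logs one named header.
COMBINED = '%h %l %u %t "%r" %>s %b "%{Referer}i" "%{User-agent}i"'
EXTENDED = COMBINED + ' "%{X-Injected}i"'

# Matches %{Header}i or one of the simple directives used above.
_TOKEN = re.compile(r'%\{([^}]+)\}i|%(>s|[hlutrb])')

def render(fmt, req):
    """Render one access-log line for req according to a LogFormat string."""
    headers = {k.lower(): v for k, v in req["headers"].items()}
    fields = {
        "h": req["client"], "l": "-", "u": "-", "t": req["time"],
        "r": f'{req["method"]} {req["path"]} {req["proto"]}',
        ">s": str(req["status"]), "b": str(req["bytes"]),
    }
    def sub(m):
        if m.group(1):  # %{Name}i: request header, "-" when absent
            return headers.get(m.group(1).lower(), "-")
        return fields[m.group(2)]
    return _TOKEN.sub(sub, fmt)

def distinguishable(fmt, a, b):
    """True if a log parser reading lines in this format could tell a from b."""
    return render(fmt, a) != render(fmt, b)

# Constructed sample requests: same request line and response, one extra header.
BENIGN = {
    "client": "192.0.2.10", "time": "[29/Dec/2011:06:16:42 +0000]",
    "method": "GET", "path": "/index.html", "proto": "HTTP/1.1",
    "status": 200, "bytes": 1043,
    "headers": {"Host": "www.example.test", "User-Agent": "ExampleClient/1.0"},
}
SUSPECT = {**BENIGN, "headers": {**BENIGN["headers"],
                                 "X-Injected": "constructed-bogus-value"}}

if __name__ == "__main__":
    for name, fmt in (("combined", COMBINED), ("extended", EXTENDED)):
        print(name, "distinguishes the two requests:",
              distinguishable(fmt, BENIGN, SUSPECT))
        print("  ", render(fmt, SUSPECT))
```

Logging a header this way only covers headers named in the format string ahead of time, and the line is written after the request has been handled.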