I would suggest that you download the
ModSecurity 2.5.x code and start playing with it as there are many significant
enhancements for not only performance (set-based matching with @pm vs. using
regular expressions) but also many new variables - http://www.modsecurity.org/blog/archives/2007/12/initial_release.html
You could use the current Core Rules as a
base to start from and then alter it with the new 2.5 enhancements.
I will be doing a Blog post today showing
one example of this.
Ryan C. Barnett
Breach Security: Director of Training
Web Application Security Consortium (WASC)
CIS Apache Benchmark Project Lead
SANS Instructor, GCIA, GCFA, GCIH, GSNA,
Author: Preventing Web Attacks with Apache
[mailto:email@example.com] On Behalf Of Oteng Michael Raesima
Sent: Thursday, December 27, 2007
optimizing the ModSecurity core rule set
Good day to you all
I sent the following message to the user list last week but i have had no
response to date. Please assist with relevant info or direction that may be
useful in this kind of study.
I am an MSc student in e-business centered computing. I would like to focus my
research on optimizing the core rule set of ModSecurity so that if possible, a
fewer rules are used to achieve the same and improve performance of the
filtering process in the end. To this end I request your help as much as
possible on information or indeed any data that may be helpful for the success
of my project.
I have installed Apache2.x and downloaded the modsec 2.x rule set for my study.
Thank you very much in advance
Your contributions are highly appreciated