[Mod-security-developers] Positive filter modelization proposal
Brought to you by:
victorhora,
zimmerletw
Menu
▾
▴
[Mod-security-developers] Positive filter modelization proposal
|
From: Vincent D. <vin...@in...> - 2006-07-07 12:49:34
|
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Greetings, Here is a suggestion of XML modelization for an HTTP filter, based on a positive model (ie, not blacklisting known attacks, but rather accepting only known, validated good requests). This model is heavily inspired from Ivan's publication of november 2005. When/if this model is validated, we [INL] will be in position to publish some work we have started working on, especially about : - - generating rules expressed in this model, based on [mod_security] log analysis (log of traffic considered as good) - - building mod_security rules from the XML model. - - possibly [at least partially] converting rules from proprietary filters Should this model be amended (as will probably be), we will of course adapt our (alpha stage) tools to take advantage of it. All comments and suggestions will, of course, be most welcome. Vincent Deffontaines INL -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.1 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFErWSCam6ayBS3Nb4RAjmLAJ9xvUiJfRZ3dXgdjkEKjGJtyjs79wCdHl3P G/xuVXCxjUg2ZX1ylqT+SGo= =E34K -----END PGP SIGNATURE----- |
