Re: [mod-security-users] What is holding ModSecurity back?
Brought to you by:
victorhora,
zimmerletw
From: Brian R. <Bri...@br...> - 2009-11-20 21:37:18
|
Ray wrote: > Wow, I just thought of another question for the group: Who or what is the > intended target audience for ModSecurity? It is a good question. You really need to know your site and your apps. ModSecurity takes some time to learn and tune. ModSecurity is really a security engine. That is not to say that other apps cannot sit in front of ModSecurity and make it into a full application. >From my perspective, it is more technical types like sysadmins/Apache web admins and web security specialists. Hosting companies use ModSecurity quite a bit, but I don't think it is a great fit as they don't know their apps and that means they will have to keep it pretty generic. The latest CRS helps here, but I'd like to make ModSecurity easier to use for hosting companies. Definitely not "management" and definitely not someone looking for a turn-key system. -B -- Brian Rectanus Breach Security |