|
From: Christian F. <chr...@ne...> - 2018-03-27 04:11:27
|
Hi there, On Mon, Mar 26, 2018 at 11:18:20PM -0400, Chip wrote: > Any idea if the suggestions on this page are up-to-date? No timestamp > on the technical details just an interesting how-to. It looks like the author knows ModSecurity given the advanced rule set he / she proposes. But it's hard to tell if this works without testing it by heart. Alternatively, the ModSecurity Handbook has similar rules with the same goal and I guarantee that those really work. But ModSecurity is not the best tool to prevent BruteForce and Automation anyways. At least not when it gets closer to a DoS. Mod_qos and friends are usually better suited. Depends on the rules. The example you linked should apparently be put in Location context. But you can also work in server context which brings advantages as it can be ran in phase 1. But honestly, this is really advanced stuff and pros and cons are all very complicated and take a lot of experience. Ahoj, Christian -- Investors should be aware of the overall dangers the legal profession present to companies, and how its current and generalized naiveté can sink fortunes overnight. --- John Dvorak on the digg.com story in May 2007 |
