Re: [mod-security-users] Mod security on a reverse proxy???
From: Ivan R. <iv...@we...> - 2004-01-26 21:58:52
> Is there somebody who has installed mod_security on a
> reverse proxy to protect the backend servers???

I have, and I have also heard from many users that they are running it with a reverse proxy.

> I'm looking for a configuration to protect my inner
> web sites running various webservers like IIS,
> Tomcat, websphere ....

You will find this article interesting:

http://www.securityfocus.com/infocus/1739

> Is there a way to set up a generic file, because it
> seems that mod_security patches against known bugs
> (coming from a snort list) but what about the bugs
> still need that are discovered all the time? Do you
> need to adapt your config as soon as it is known,
> which is not a good way of doing it....

You should use both approaches. In the article you can see some general rules that make web application hacking more difficult. It all boils down to knowing what runs on the servers you want to protect - you need to craft some rules for that. That will cover unknown threats.

As for specific vulnerabilities - I don't like the Snort rules too much. Most of them are not good anyway. But a rule database is on the way, and if that becomes popular you should be able to automatically "patch" the software via mod_security for known, specific vulnerabilities.

--
ModSecurity (http://www.modsecurity.org)
[ Open source IDS for Web applications ]