Re: [mod-security-users] Rules database

SourceForge Headquarters 1320 Columbia Street Suite 310 San Diego, CA 92101 +1 (858) 422-6466

Hi Roman:
When i tried the modsecurity, i used a script to convert snort rules to=20
modsecurity rules, maybe you could do that to initialize your rules=20
database, and then optimize the set of rules.

Here is the link:
http://www.modsecurity.org/documentation/converted-snort-rules.html

Cheers
Christian Martorella

Roman Medina-Heigl Hernandez wrote:

>Hi,
>
>I'm interested in protecting webapps in a "generic way" (more or less
>:-)), which means that if I choose to install a PHP-Nuke portal and a
>new SQL injection bug in that portal is disclosed, it will not be
>exploitable (the code would still be buggy until patching, but that's
>unavoidable). Of course, the idea is to catch the more kind of bugs
>being possible (not only SQL injection, but directory traversal, remote
>PHP script injection, shell injection, etc).
>
>I visited:
>http://www.modsecurity.org/db/rules/
>But I got a bit disappointed when I saw only 4 rules :-(. The db seems
>to be discontinued... ?
>
>I'm wondering whether:
>1) There are other "repositories" for mod-security rules, or
>2) Some of you, security-specialists, would be kind enough to share the
>rules you have, ideas, etc.
>
>Other repositories (not direcly related to Mod-security but perhaps
>easily "convertible" to; for instance, rules from other IPS devices) may
>also be interesting.
>
>Hope hearing from you, guys :-)
>
>Kind regards,
>-Rom=E1n
>
>
>-------------------------------------------------------
>SF email is sponsored by - The IT Product Guide
>Read honest & candid reviews on hundreds of IT Products from real users.
>Discover which products truly live up to the hype. Start reading now.
>http://ads.osdn.com/?ad_ide95&alloc_id=14396&op=3Dclick
>_______________________________________________
>mod-security-users mailing list
>mod...@li...
>https://lists.sourceforge.net/lists/listinfo/mod-security-users
>
> =20
>