Re: [mod-security-users] Rules database
From: Tom A. <tan...@oa...> - 2005-04-04 14:51:57
----- Original Message -----
From: "Ivan Ristic" <iv...@we...>
To: <mod...@li...>
Sent: Monday, April 04, 2005 10:33 AM
Subject: Re: [mod-security-users] Rules database

> Roman Medina-Heigl Hernandez wrote:
>> I visited:
>> http://www.modsecurity.org/db/rules/
>> But I got a bit disappointed when I saw only 4 rules :-(. The db seems
>> to be discontinued... ?
>
> It never took off. At the last minute I decided a repository
> of rules that worked only in mod_security was not the best
> way forward. Instead, I designed the portable web application
> firewall rule format http://www.modsecurity.org/projects/wasprotect/.

OMG, that looks horrible! Please don't make that the only accepted format. I hate dealing with completely useless markup which can just as easily be implied. It just clutters up the configuration with non-info and bloats your file sizes. The best thing about working in unix environments is that everything is kept short and sweet. Human readability is key.

SecFilterSelective "ARG_open" ^sesame$
(38 chars)

vs

<rule operator="regex" arg="params['open']" value="^sesame$" />
(63 chars)

Multiply that by your whole configuration file... what a mess! XML is good for sharing rules between systems, but not for human maintained configs.

Tom