Re: [mod-security-users] Which Rules to use?
From: Michael S. <mi...@go...> - 2005-08-09 22:09:40
I've added a page that explains what each of the rulesets do:

http://www.gotroot.com/tiki-index.php?page=Which+mod_security+rules

Everyone's system is unique, so you may have to adapt some of the rules to your environment. I would love it if everyone ran with all the rules - if it's any consolation, I run with all the rules on my servers - so they can get as much testing as possible in as many real environments as possible, as I can't test for everything.

So, if you can, run with all the rules and lemme know if something breaks, be it false positives or negatives. If you can't afford any false positives, then you need to look at the rules, understand them and adapt to your specific environment.

So selfishly, I'd say "run them all!", but realistically you should only run with those rules that work for your system, which may require some tweaking, twisting and groaning over false alarms. In short, nothing is perfect.

With all that said, I do try to make sure the rules have the lowest probability for a false positive that I can test for (but I'm only human) and I do run with all these rules on my server, so I never release a rule I'm not comfortable running on my machines. But, my machines might be different from yours. :-) So, if you have the time to monitor them, and can stand a few false positives, run with all the rules and post any problems you might have with them so we can fix them; if not, then you will need to understand the rules and modify them for your system to fit your specific needs. :-)

Oh, also, I run Plesk 7.5.x on some of my machines, so for the most part I would expect that the rules should work fine with the basic Plesk software, but keep in mind that your users may upload their own custom apps to your PSA server and there may be a conflict in the rules. If you do run into a problem, please let me know and I'll take a look at it to see if the rule(s) can be modified in general to take that new application into account.

--
Michael T. Shinn
KeyID: DAE2EC86
Key Fingerprint: 1884 E657 A6DF DF1B BFB9 E2C5 DCC6 5297 DAE2 EC86
http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xDAE2EC86

Got Root? http://www.gotroot.com
ModSecurity WebServer Firewall: http://www.modsecurityrules.com
Troubleshooting Firewalls: http://troubleshootingfirewalls.com