Re: [mod-security-users] Problem trying to catch malformed requests
From: Ivan R. <iv...@we...> - 2005-08-19 08:52:08
Ivan Ristic wrote:
>
> I'll do a couple of tests to see if it works,
> and if it does I will release 1.9dev3 (by the end of the week) with a
> configuration option to choose the hook to run at.
FYI, I've released 1.9dev3 with a compile-time option to make
mod_security run in hook #0 (post_read_request).
Here's a fragment from the manual:
---
By default mod_security will try to run at the last possible moment in
Apache request pre-processing, but just before the request is actually
run (for example, processed by mod_php). I have chosen this approach
because the most important function of mod_security is to protect the
application. On the other hand, by doing this we are leaving certain
parts of Apache unprotected although there are things we could do about
it. For those who wish to experiment, as of 1.9dev3 mod_security can be
compiled to run at the earliest possible moment. Just compile it with
-DENABLE_EARLY_HOOK. Bear in mind that this is an experimental feature.
Some of the differences you will discover are:
* It should now be possible to detect invalid requests before Apache
handles them.
* It should be possible to assess requests that would otherwise be
handled by Apache (e.g. TRACE)
* Only server-wide rules will run. This is because at this point
Apache hasn't mapped the request to the path yet.
Subsequent releases of ModSecurity are likely to allow rule processing
to be split into two phases. One to run as early as possible, and
another, to run as late as possible.
---
--
Ivan Ristic
Apache Security (O'Reilly) - http://www.apachesecurity.net
Open source web application firewall - http://www.modsecurity.org
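
Added example, not part of the original message or the ModSecurity manual: a configuration sketch of what the "only server-wide rules will run" limitation means for rule placement in a build compiled with -DENABLE_EARLY_HOOK. The apxs build line in the comment and the /app path are assumptions made for illustration.

```apache
# Constructed example for a mod_security 1.9dev3 build with the early hook.
# Assumed build command (not from the original message):
#   apxs -cia -DENABLE_EARLY_HOOK mod_security.c

<IfModule mod_security.c>
    SecFilterEngine On
    SecFilterDefaultAction "deny,log,status:403"

    # Server-wide rule: evaluated in post_read_request, so a TRACE request
    # is assessed before Apache handles it internally.
    SecFilterSelective REQUEST_METHOD "^TRACE$"
</IfModule>

# Per-location rule (hypothetical path): according to the manual fragment,
# this is not evaluated in an early-hook build, because Apache has not yet
# mapped the request to a path when the hook runs.
<Location /app>
    SecFilterSelective REQUEST_METHOD "^TRACE$"
</Location>
```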