|
From: Sven K. <ce...@gm...> - 2005-10-26 08:44:39
|
I am trying to use Apache as as reverse proxy and I host some PHP-based CMS sites for a couple of users. I also would like to use mod_security as a web firewall to fend off attacks. I have had clashes with the problems current "production" Apache versions have. Reverse proxying doesn't work at all like it should, users are getting redirected to each other pages after trying to log in to theis sites etc. Reverse proxying works fine with the newest beta version of Apache (2.1.8). But even after lot of testing, I am unable to get the newest mod_security to work properly. The problem is with having large rulesets. I would like to know how I could use the rules I get from here: http://www.gotroot.com/mod_security+rules This far I have tried the Include directives and copying the rules with sed. Still no luck. I have mod_security rules in a separate part of httpd.conf, between <IfModule..> directives in global scope and users' reverse proxy directives are inside a separate <VirtualServer..> . For setting up mod_security inside the <IfModule...> directive I have followed this guide: http://www.gotroot.com/tiki-index.php?page=3DSetup+of+mod_security I have not had the chance to try the version 1.8.7 in Apache 2.1.8 because it won't compile - I get errors. |
