Re: [mod-security-users] include snort rules
From: Ivan R. <iv...@we...> - 2005-11-16 10:05:00
Peter VE wrote:
>
> I'm using the ModSecurity script to convert, but it is launched from
> within my own script, which
> - downloads various sets of rules (snort, bleeding, community)
> - extracts the rules
> - only converts the rules that I need
> - rips out some rules that I don't want/need
>   (after converting snort rules, I noticed that the converted file
>   contains a couple of SecFilter "" and SecFilter "=" entries,
>   which kinda break basic functionality... )

Nice. How long have you been using the Snort rules for? Are you
happy with them for web intrusion detection?

>>>When I update the files with newer files, will mod_security
>>>automatically use the newer file ? Or does Apache need a restart ?
>>
>> You need to restart Apache.
>>
>
> Will Apache start when one of the mod_security SecFilters is wrong ?

No. But you can preserve the previous version of the configuration
file, run Apache with "configtest" first, actually restarting only
if everything's fine.

--
Ivan Ristic
Apache Security (O'Reilly) - http://www.apachesecurity.net
Open source web application firewall - http://www.modsecurity.org
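
The update procedure described in the message above (keep the previous file, run "configtest", restart only if it passes), combined with removal of the empty `SecFilter ""` and `SecFilter "="` entries, as an added shell example that is not part of the original message. The `APACHECTL` variable, the function names and the `.prev` backup suffix are assumptions, and the live rules file is assumed to be included from the Apache configuration.

```shell
#!/bin/sh
# Added example, not from the original thread. APACHECTL, the function
# names and the ".prev" suffix are assumptions made for illustration.
# Usage (hypothetical paths): deploy_rules converted.conf modsec-rules.conf

APACHECTL="${APACHECTL:-apachectl}"   # assumption: control script on PATH

# Print the rules in $1 without entries whose pattern is empty or a lone
# "=", the converted entries reported to break basic functionality.
strip_degenerate_rules() {
    grep -Ev '^[[:space:]]*SecFilter[[:space:]]+"=?"[[:space:]]*$' "$1"
}

# Install new rules $1 over live rules file $2.
# Returns 0 after a restart, 1 if configtest failed and the previous file
# was put back, 2 if there was nothing usable to install.
deploy_rules() {
    local new="$1" live="$2" backup="$2.prev" tmp
    # Temp file in the same directory so the final mv is a rename.
    tmp="$(mktemp "$live.XXXXXX")" || return 2
    strip_degenerate_rules "$new" > "$tmp"
    if [ ! -s "$tmp" ]; then          # refuse to install an empty rule set
        rm -f "$tmp"
        return 2
    fi
    # Preserve the previous version before touching the live file.
    [ -f "$live" ] && cp -p "$live" "$backup"
    mv "$tmp" "$live"
    # Apache will not start with a broken SecFilter, so test first and
    # restart only when the configuration parses.
    if "$APACHECTL" configtest; then
        "$APACHECTL" restart
        return $?
    fi
    # configtest failed: restore the previous rules; the running Apache
    # was never restarted and keeps serving with the old configuration.
    if [ -f "$backup" ]; then
        cp -p "$backup" "$live"
    else
        rm -f "$live"
    fi
    return 1
}
```
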