Re: [mod-security-users] Ideas for future features..
From: Ivan R. <iv...@we...> - 2006-02-25 16:14:14
Zach Roberts wrote:
> I apologize for being absent for most of the discussion. My schedule has
> been quite full lately.
>
> I have been using a forked mod_access_rbl for about a year now. While I
> don't use it to scan every request that comes in I do use it to control
> access to two or three files that are accessed quite a bit. For these
> three files I am using seven different blacklists and I've noticed no
> drop in performance.

Without a local cache?

> As a matter of fact, ModSecurity 1.8.x-dev was able to interface
> with external spam checkers. I announced it on the list (I think)
> but since no one used it I removed it prior to 1.9 final.
>
> I believe this sort of checking needs to be internal. Accessing an
> external Perl script for example would be far too resource intensive if
> it were used to scan a very large number of incoming connections.

Forking to execute a Perl script might not be feasible, but
talking to an already-running daemon may be better. I'd really
hate to see ModSecurity integrate a spam checker :)

> I can see you guys have a good handle on the situation. The future
> features of 2.0.0 look very promising with functionality similar to
> mod_evasive.

BTW, even now you can have protection better than with mod_evasive
using httpd-guardian (http://www.apachesecurity.net/tools/). And,
in terms of performance, probably faster than what will be
available in ModSecurity v2.0.

> If the functionality works with Frontpage too (mod_evasive
> does not) it will be all that much better.

That's interesting. What is the problem with FrontPage?

--
Ivan Ristic, Technical Director
Thinking Stone, http://www.thinkingstone.com
ModSecurity: Open source Web Application Firewall
Apache Security (O'Reilly): http://www.apachesecurity.net