RE: [mod-security-users] Mod Security and WebSphere

SourceForge Headquarters 1320 Columbia Street Suite 310 San Diego, CA 92101 +1 (858) 422-6466

Sorry, I do not *yet* know what hook the websphere plug-in runs at. I'll
see if I can find out -- though I am no debug-guru, so I'll have to see
how far I get.

Yes, I was indeed talking about the "ENABLE_EARLY_HOOK" compile-time
switch, but I prefer to use that as a last resort.

-----Original Message-----
From: Ivan Ristic [mailto:iva...@gm...]=20
Sent: Monday, April 10, 2006 5:44 PM
To: De Vries, Richard
Cc: mod...@li...
Subject: Re: [mod-security-users] Mod Security and WebSphere

On 4/10/06, De Vries, Richard <Ric...@bm...> wrote:
> While doing some debugging on a web-application, I noticed that the
> mod_security plug-in appears to sit below the WebSphere plugin in the
http
> process stack. Is that indeed correct?

I don't know, I've never had an opportunity to install ModSecurity
into a web server running the WebSphere plug-in. Do you know which
hook the plug-in runs at? There's only one hook in Apache that
"handles" requests and ModSecurity runs before it. However, it is
entirely possible for someone to write a plug-in that handles the
request during one of the previous phases. It would be a wrong thing
to do but it's still possible.

> I can block a request in Mod_Security, yet see it hit the websphere
plug-in
> still. It does eventually block the request. Other than re-compiling
it with
> that particular setting to hook it higher into the webserver
(drastically
> high if you ask me), is there any other way to get it to execute prior
to
> the webserver plugin?

Perhaps you mean the experimental ENABLE_EARLY_HOOK compile-time
switch? Custom-compiling ModSecurity is probably the only solution for
this problem. ModSecurity v2 will come with a built-in early
processing phase so you shouldn't need to recompile.

--
Ivan Ristic, Technical Director
Thinking Stone, http://www.thinkingstone.com
ModSecurity: Open source Web Application Firewall