Re: [mod-security-users] Release of remo 0.1.0
From: Ofer S. <OferS@Breach.com> - 2007-02-12 05:40:57
Thanks Christian, this is a very interesting tool. Some ideas popped into my mind after using the tool:

- It would be great if the raw requests were generated by browsing. You could use ModSecurity audit files to extract the requests from (or WebScarab session files if you want client side).
- In the rules you generate you use ModSecurity rules to check the method for each URL. It is much more efficient to use Apache <location> directive for that.
- I assume that parameters are on their way, but you may want to limit, in addition to method and parameters, also content type and maybe other things.
- Instead of generating the entire rule set, you may want to create a rules file that works in conjunction with the core rule set (say file #99), after all the combination of both positive and negative models is the most effective.

And one small comment: it was really hard to find how to generate the rules. A textual button would probably be more intuitive.

~ Ofer

> -----Original Message-----
> From: mod...@li... [mailto:mod-
> sec...@li...] On Behalf Of Christian
> Folini
> Sent: Friday, February 09, 2007 12:07 PM
> To: mod...@li...
> Subject: [mod-security-users] Release of remo 0.1.0
>
> Hello,
>
> Remo 0.1.0 alpha has been released.
> See the website at http://remo.netnea.com.
>
> Remo stands for "Rule Editor for ModSecurity". It's a little
> project of mine, attempting to
> - bring easier configuration to ModSecurity
> - make a whitelist/positive security model feasible for
>   ModSecurity deployments
>
> It is in the nature of an alpha release, that it is not
> very productive. Still it is in a state, where it can be
> shown around. At least a bit. I started out with development in
> January. I took a few weeks to get in touch with ruby and rails
> knowledge, as this is meant to be an online application, ready for
> use in corporate environments or within spread communities. Then
> I started hacking.
>
> With this first release comes the ability to enter (trimmed down)
> HTTP requests, edit them, delete them and rearrange them. Then you
> can generate a functional positive ruleset with a fallback deny-all
> rule. With trimmed down HTTP request I mean a request made up of the
> method and the path only.
>
> With this, the base is laid and I'll start with the extension
> of this base:
> - Extend the request record to include the full variety of
>   http header fields
> - Display the individual request as a tree of parameters
> - Generate a strict ruleset based on such a list of full blown
>   request records
>
> If you are interested in the project, then visit the website.
> From the site, you can download the source code and installation
> instructions. If you just want to see remo in action, then
> take a look at the instruction video or the online demo. All
> available from the address above.
>
> This project is a one-man show so far. Still I try to be as
> transparent as possible. Check out the development wiki
> at http://remo.netnea.com/twiki
>
> To lure you into joining the development, let me show you some
> crisp ruby/rails code, hot from the press:
>
> def test_user_working
>   Request.delete_all
>
>   colin = regular_user
>
>   colin.clicks_clear
>   colin.adds_request("GET", "/index.html")
>   colin.adds_request("POST", "/index.php")
>   colin.adds_request("GET", "/index.cgi")
>   colin.adds_request("GET", "/start.html")
>
>   colin.requests_detailarea(4)
>   colin.rearranges_requests(["4", "1", "2", "3"])
>   colin.requests_detailarea(3)
>   colin.generates_ruleset
>
>   ...
>
> Is not this sexy?
>
> It is taken from the integration tests of the application.
> A daily summary of these tests is on display at
> http://remo.netnea.com/?q=download
>
> If you take the time to have a look at the project, I would be
> very happy to get some feedback like bug reports, feature
> requests or simply encouragement. I think this is very important.
> Especially at this early stage of development.
>
> best regards,
>
> Christian Folini
>
> --
> chr...@ne... - http://www.netnea.com
> ModSecurity and mod_security are trademarks of Breach Security, Inc.
> netnea.com is not affiliated with Breach Security, Inc.
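
The second suggestion in the reply above, enforcing the allowed method per URL in Apache's own configuration with a deny-all fallback, sketched as an added example that is not part of the thread and is not Remo's code or output. It assumes Apache 2.4 authorization syntax (`Require method`, which postdates this 2007 thread); the constant and function names are hypothetical.

```ruby
# Added example, not Remo's code. Assumes Apache 2.4 authorization syntax.
# Input: trimmed-down requests (method + path), as described in the thread.

# Constructed sample, mirroring the requests in the quoted integration test,
# plus a second method for /index.html to show grouping.
SAMPLE_REQUESTS = [
  ["GET",  "/index.html"],
  ["POST", "/index.php"],
  ["GET",  "/index.cgi"],
  ["GET",  "/start.html"],
  ["POST", "/index.html"]
].freeze

# \A and \z anchor the whole string; ^ and $ would match per line in Ruby and
# let a value containing a newline smuggle extra directives into the config.
VALID_METHOD = /\A[A-Z]+\z/
VALID_PATH   = %r{\A/[A-Za-z0-9._~/-]*\z}

# Hypothetical helper: validate each request and group methods by path.
def allowed_methods_by_path(requests)
  requests.each_with_object({}) do |(method, path), acc|
    raise ArgumentError, "bad method: #{method.inspect}" unless VALID_METHOD.match?(method)
    raise ArgumentError, "bad path: #{path.inspect}" unless VALID_PATH.match?(path)
    acc[path] = acc.fetch(path, []) | [method]
  end
end

# Hypothetical generator: deny-all fallback first, then one exact-match section
# per path. Location sections are processed in configuration order, so the
# specific sections that follow override the fallback.
def generate_whitelist(requests)
  lines = ['<Location "/">', "    Require all denied", "</Location>"]
  allowed_methods_by_path(requests).each do |path, methods|
    # LocationMatch with an anchored pattern matches this path only; a plain
    # <Location /index.html> would also cover /index.html/anything.
    lines << %(<LocationMatch "^#{Regexp.escape(path)}$">)
    lines << "    Require method #{methods.join(' ')}"
    lines << "</LocationMatch>"
  end
  lines.join("\n") + "\n"
end

puts generate_whitelist(SAMPLE_REQUESTS) if __FILE__ == $PROGRAM_NAME
```

Apache treats GET and HEAD as equivalent for `Require method`, so a GET entry also admits HEAD.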