[mod-security-users] Release of remo 0.1.3
Brought to you by:
victorhora,
zimmerletw
Menu
▾
▴
[mod-security-users] Release of remo 0.1.3
|
From: Christian F. <chr...@ti...> - 2007-03-14 16:40:55
|
Hello, Remo 0.1.3 alpha has been released. See the website at http://remo.netnea.com. Remo stands for "Rule Editor for ModSecurity". It's a project, attempting to - bring easier configuration to ModSecurity - make a whitelist/positive security model feasible for ModSecurity deployments This new release brings the following new features: - Support for query string arguments - Support for cookies - Every request parameter can be optional or mandatory Those who have seen the cool rule webcast by Ryan Barnett, have seen an info graphic explaining the way remo is translating your parameter definition into a ModSecurity rule. You can find this graphic at http://remo.netnea.com/twiki/bin/view/Documentation/WebHome With this release, remo brings the basic functionality to write a whitelist ruleset for an online application. I did a successful test with drupal, which comes with 250 different post parameters. It has been painful and took me almost two days to enter all these arguments into remo and qualify them with a regular expression. Then I generated the ruleset and got a fairly nailed down drupal installation. More work would be needed to tune the regular expressions on the given fields in order to make this useable in practice. But for a start, I have been quite pleased. As previously, the new release can be found on the demo site at: http://remo.netnea.com/demo/main/index You can get your feet wet there without the need to install remo. best regards, Christian Folini -- chr...@ne... - http://www.netnea.com ModSecurity and mod_security are trademarks of Breach Security, Inc. netnea.com is not affiliated with Breach Security, Inc. |
