-----BEGIN PGP SIGNED MESSAGE-----
Here is a suggestion of XML modelization for an HTTP filter, based on a
positive model (ie, not blacklisting known attacks, but rather accepting
only known, validated good requests). This model is heavily inspired
from Ivan's publication of november 2005.
When/if this model is validated, we [INL] will be in position to publish
some work we have started working on, especially about :
- - generating rules expressed in this model, based on [mod_security] log
analysis (log of traffic considered as good)
- - building mod_security rules from the XML model.
- - possibly [at least partially] converting rules from proprietary filters
Should this model be amended (as will probably be), we will of course
adapt our (alpha stage) tools to take advantage of it.
All comments and suggestions will, of course, be most welcome.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
-----END PGP SIGNATURE-----
From: Ivan Ristic <ivanr@we...> - 2006-07-07 13:42:31
Vincent Deffontaines wrote:
> Here is a suggestion of XML modelization for an HTTP filter, based on a
> positive model (ie, not blacklisting known attacks, but rather accepting
> only known, validated good requests). This model is heavily inspired
> from Ivan's publication of november 2005.
I am somewhat confused. You took my work, changed it heavily, and
now you are sending it back to me as your proposal. Wouldn't it
have been better to point to the inefficiencies of my work so that
we can improve it through discussion?
Ivan Ristic, Technical Director
Thinking Stone, http://www.thinkingstone.com
ModSecurity: Open source Web Application Firewall
Apache Security (O'Reilly): http://www.apachesecurity.net
Get latest updates about Open Source Projects, Conferences and News.