mod-security-users

[mod-security-users] include snort rules

[Peter VE <xx...@im...>]

Hi,

I wrote a script that pulls down multiple sets of snort rules, and
converts specific rulefiles to SecFilters.
The httpd.conf file contains an include statement for every converted
ruleset file.
When I update the files with newer files, will mod_security
automatically use the newer file ? Or does Apache need a restart ?
If it automatically uses the newer file, what happens at the very time
the file gets overwritten ? Will that cause a locking issue, or will
mod_security all of a sudden - just for a millisecond or so - run
without the included filters ?

thanks

Re: [mod-security-users] include snort rules

[Ivan R. <iv...@we...>]

Peter VE wrote:
> Hi,
> 
> I wrote a script that pulls down multiple sets of snort rules, and
> converts specific rulefiles to SecFilters.

  You shouldn't have, there's a script included with ModSecurity
  that does just that :)


> When I update the files with newer files, will mod_security
> automatically use the newer file ? Or does Apache need a restart ?

  You need to restart Apache.


> If it automatically uses the newer file, what happens at the very time
> the file gets overwritten?

  Nothing. When Apache is started rules are read in memory. What
  you do with the file afterwards is not important.

-- 
Ivan Ristic
Apache Security (O'Reilly) - http://www.apachesecurity.net
Open source web application firewall - http://www.modsecurity.org