On 4/10/06, De Vries, Richard <Ric...@bm...> wrote:
> While doing some debugging on a web-application, I noticed that the
> mod_security plug-in appears to sit below the WebSphere plugin in the htt=
p
> process stack. Is that indeed correct?
I don't know, I've never had an opportunity to install ModSecurity
into a web server running the WebSphere plug-in. Do you know which
hook the plug-in runs at? There's only one hook in Apache that
"handles" requests and ModSecurity runs before it. However, it is
entirely possible for someone to write a plug-in that handles the
request during one of the previous phases. It would be a wrong thing
to do but it's still possible.
> I can block a request in Mod_Security, yet see it hit the websphere plug-=
in
> still. It does eventually block the request. Other than re-compiling it w=
ith
> that particular setting to hook it higher into the webserver (drastically
> high if you ask me), is there any other way to get it to execute prior to
> the webserver plugin?
Perhaps you mean the experimental ENABLE_EARLY_HOOK compile-time
switch? Custom-compiling ModSecurity is probably the only solution for
this problem. ModSecurity v2 will come with a built-in early
processing phase so you shouldn't need to recompile.
--
Ivan Ristic, Technical Director
Thinking Stone, http://www.thinkingstone.com
ModSecurity: Open source Web Application Firewall
|
