From: Ivan Ristic <ivanr@we...> - 2005-11-19 20:18:13
For some time now I have wanted to start distributing ModSecurity
together with a set of "standard" rules. I think it is only possible
to have such a set for detect-only mode. Otherwise there would
simply be too many false positives. I also do not expect these
rules to be effective as a protection/detection for content
management systems, but standard business-like application should
Anyway, I have a set of candidate rules but I'd like them to be
tested more before they are "unleashed" to the public. If you are
running a complex web application and you are willing to help
please send me an email to my private email address.
Apache Security (O'Reilly) - http://www.apachesecurity.net
Open source web application firewall - http://www.modsecurity.org
Get latest updates about Open Source Projects, Conferences and News.