Thread: [mod-security-users] Loading the rules globally or per virtual host?
From: Michael W. <mwa...@co...> - 2009-12-21 18:44:35
We have several servers dedicated only to running modsecurity. Each server has like 20 virtual hosts. The question is should each virtual host load the rules or should they be loaded globally instead? We have no desire to make the rules unique for each VH, so my gut says to only load them once and then on the VH that we want to have the waf on to load the config file with the engine on. Is this the best way to do this? Does loading the rules on each VH bloat the server unnecessarily?

Michael
From: Ivan R. <iva...@gm...> - 2009-12-21 18:54:40
On Mon, Dec 21, 2009 at 6:44 PM, Michael Warchut <mwa...@co...> wrote:
> We have several servers dedicated only to running modsecurity. Each
> server has like 20 virtual hosts. The question is should each virtual
> host load the rules or should they be loaded globally instead? We
> have no desire to make the rules unique for each VH so my gut says to
> only load them once and then on the VH that we want to have the waf on
> to load the config file with the engine on. Is this the best way to
> do this?

Yes, that's the best way to deploy ModSecurity in your circumstances.

> Does loading the rules on each VH bloat the server
> unnecessarily?

Probably. I don't know if the impact is measurable, but more rules will use more memory than fewer rules.

> Michael

--
Ivan Ristic
ModSecurity Handbook [https://www.feistyduck.com]
SSL Labs [https://www.ssllabs.com/ssldb/]
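
The layout discussed in this thread, sketched as an added example that is not part of the original messages: the rules are parsed once in the main server context with the engine off, and only the virtual hosts that should be protected switch the engine on. It assumes ModSecurity 2.x is already loaded into Apache; the file paths, the `waf-on.conf` file name and the host names are hypothetical.

```apache
# --- Main server context (for example httpd.conf) ---
# Assumption: mod_security2 is already loaded by an existing LoadModule line.

# Engine is off by default, so a virtual host that does nothing stays unfiltered.
SecRuleEngine Off

# Load the shared rule set exactly once. Virtual hosts inherit rules from the
# main server context (SecRuleInheritance defaults to On), so the rule files
# do not need to be included again inside each <VirtualHost>.
# Hypothetical rule directory:
Include conf/modsecurity/rules/*.conf

# --- conf/modsecurity/waf-on.conf (hypothetical per-vhost switch file) ---
# Contains only engine settings, no rules:
#
#   SecRuleEngine On
#   SecRequestBodyAccess On

# --- Virtual host that should sit behind the WAF ---
<VirtualHost *:80>
    ServerName protected.example.com
    # Turns the engine on for this host; the rules come from the main context.
    Include conf/modsecurity/waf-on.conf
</VirtualHost>

# --- Virtual host left without the WAF ---
<VirtualHost *:80>
    ServerName unprotected.example.com
    # No include here: this host inherits "SecRuleEngine Off" from above.
</VirtualHost>

# The layout the thread advises against would repeat the rules Include
# inside every <VirtualHost>, parsing the same rule files once per host.
```

Running `apachectl configtest` after a change like this confirms the rule files still parse before the servers are reloaded.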