
Re: [Fedora-sysadmin-list] Web Security

Hi Damian,

Those look good to me, and you might want to add some extra ones just to start.

# Log only relevant entries, and write them to the audit log
SecAuditEngine RelevantOnly
SecAuditLog /var/log/httpd/modsec_audit.log

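# Filter only dynamic content (to minimize performance impact); should be
# tested to be sure that it does what is expected.
# DynamicOnly is a value of SecFilterEngine; "SecFilter DynamicOnly" would
# instead define a filter matching the literal keyword "DynamicOnly".
SecFilterEngine DynamicOnly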

Just my 2 cents :)


2008/11/21 Dennis Gilmore <dennis ausil us>
forwarding to the correct list

----------  Forwarded Message  ----------

Subject: [Fedora-sysadmin-list] Web Security
Date: Friday 21 November 2008
From: "Damian Myerscough" <damian myerscough gmail com>
To: "Fedora Administration and Infrastructure project" <fedora-sysadmin-list redhat com>

Hello All,

I have managed to get a bit of free time to create some simple rules
for mod_security which would be suitable for the web servers which we
are currently running. I have written some generic rules which should
be compatible with all the web servers. However, we could write rules
which are much stricter for the web applications that are hosted off
the web servers.

Let me know what people think about the rules that I have attached.

Just a note, the final rule should point to maybe a security notice...
it would currently just redirect users to fedoraproject.org.

Damian Myerscough

