[Fedora-sysadmin-list] Web Security

[Damian Myerscough]

Hello Paulo,

I will add the extra fields and setup a virtual machine on my local host and use
the Apache bentchmark utility to simulate high levels of traffic.

2008/11/24 Paulo Santos <santosp at fedoraproject.org>:
> Hi Damian,
>
> Those look good to me, and you might want to add some extra ones just to
> start.
>
> # Log only relevant entries and log it
> SecAuditEngine RelevantOnly
> SecAuditLog /var/log/httpd/modsec_audit.log
>
> # Filter only Dynamic content (to minimize performance impact) should be
> tested to be sure that it does what is expected
> SecFilter DynamicOnly
>
>
> Just my 2 cents :)
>
> Paulo
>
>
> 2008/11/21 Dennis Gilmore <dennis at ausil.us>
>>
>> forwarding to the correct list
>>
>> ----------  Forwarded Message  ----------
>>
>> Subject: [Fedora-sysadmin-list] Web Security
>> Date: Friday 21 November 2008
>> From: "Damian Myerscough" <damian.myerscough at gmail.com>
>> To: "Fedora Administration and Infrastructure project" <fedora-sysadmin-
>> list at redhat.com>
>> Hello All,
>>
>> I have managed to get a bit of free time to create some simple rules
>> for mod_security
>> which would be suitable for the web servers which we are currently
>> running. I have wrote
>> some generic rules which should be compatible with all the web
>> servers. However, we could
>> write rules which are much stricter for the web applications that are
>> hosted off the web servers.
>>
>> Let me know what people think about the rules that I have attached.
>>
>> Just a note, the final rule should point to maybe a security notice...
>> it would currently just redirect users
>> to fedoraproject.org.
>>
>> --
>> Regards,
>> Damian Myerscough
>>
>> -------------------------------------------------------
>>
>> _______________________________________________
>> Fedora-infrastructure-list mailing list
>> Fedora-infrastructure-list at redhat.com
>> https://www.redhat.com/mailman/listinfo/fedora-infrastructure-list
>>
>
>



-- 
Regards,
Damian Myerscough