PDA

View Full Version : mod_security



smtalk
08-21-2007, 02:15 PM
Do you want it? How it needs to be implemented?

Duboux
08-21-2007, 03:12 PM
Just for the sake of Information management, could u objectively explain what it is/does and what its pro's and cons are ?

m4ri00sh
08-21-2007, 03:24 PM
Duboux...., What about that ...?:

http://www.modsecurity.org/


and

this http://www.onlamp.com/pub/a/apache/2003/11/26/mod_security.html

Duboux
08-21-2007, 03:38 PM
Perfect :)

(ps, u can delete this post)

millerdesign
08-21-2007, 04:18 PM
Would it come with custom rules DirectAdmin approved? :D

chrda
08-21-2007, 05:35 PM
Need some good rules atleast, i tried some mega pack and it killed my joomla and some other stuff :)

Zoner
12-05-2007, 01:36 AM
Just like others stuff too,

### options.conf ###

mod_security=on|off

also some default configurations (light/medium/heavy security)

Henrik
07-01-2008, 02:57 PM
Digging up an old thread, but is there any thought of including mod_sec into apache 2.x? :)

majdi33
07-31-2013, 02:50 PM
What is the status of this feature ?

thunn
12-25-2013, 11:40 PM
Hello, currently CustomBuild still not have the mod_security integrated, is that right?

ccto
12-26-2013, 05:04 AM
We have been running modsecurity 2.x for years.

The build is easy with apache 2.2 x64 and 2.4 x64.

Pros:
I believe it SHALL already prevent a number of automated attack(s) silently.

Cons:
The core (and difficult) part is the ruleset.
Default rule set shall cause some false-positive, even for Squirrelmail.

We have disabled a few rules for squirrelmail, and a few for general purpose.
Also, we need to use DA panel custom httpd configuration to disable particular rule(s) for particular user, which means some admin and communication work

interfasys
01-04-2014, 05:27 PM
Lots of rules need to be disabled for phpmyadmin, wordpress, etc.
It's only worth integrating with a sane set of rules, compatible with web hosting and built by a security specialist.