Keep Server Online
If you find the Apache Lounge, the downloads and overall help useful, please express your satisfaction with a donation.
or
A donation makes a contribution towards the costs, the time and effort that's going in this site and building.
Thank You! Steffen
Your donations will help to keep this site alive and well, and continuing building binaries. Apache Lounge is not sponsored.
| |
|
 Topic: ModSecurity rules question |
|
| Author |
|
flatcircle
Joined: 27 Jun 2006
Posts: 79
|
 Posted: Thu 03 Jul '08 22:48 Post subject: ModSecurity rules question |
 |
|
Hi,
In the ModSecurity download available on this site, the ModSecurity Core rules (from Breach) are included.
However, from the site www.gotroot.com, a link is pointing to http://downloads.prometheus-group.com/delayed/rules/
As a ModSecurity noob, I'd like to know which Core Ruleset is the best I can use. (Prometheus or Breach)
Also does it make sense to enable/use all this Core Rules on my webserver?
Regards. |
|
| Back to top |
|
admin
Site Admin
Joined: 15 Oct 2005
Posts: 692
|
| Posted: Fri 04 Jul '08 21:17 Post subject: |
|
|
My advise is to start to use the included rules from Breach.
And remove the rules which you do not need. For example when you do not run (my)SQL it makes no sense to use sql rules.
Steffen |
|
| Back to top |
|
|
|
|
|
|
