logo
Apache Lounge
Webmasters

 

About Forum Index Downloads Search Register Log in RSS X


Keep Server Online

If you find the Apache Lounge, the downloads and overall help useful, please express your satisfaction with a donation.

or

Bitcoin

A donation makes a contribution towards the costs, the time and effort that's going in this site and building.

Thank You! Steffen

Your donations will help to keep this site alive and well, and continuing building binaries. Apache Lounge is not sponsored.
Post new topic   Forum Index -> Third-party Modules View previous topic :: View next topic
Reply to topic   Topic: Hardening rules for mod_security2 - Anyone Help?
Author
stevep



Joined: 25 Jul 2006
Posts: 2

PostPosted: Tue 25 Jul '06 13:37    Post subject: Hardening rules for mod_security2 - Anyone Help? Reply with quote

Hi All,

Seeing that things like "SecFilterEngine On" is not a mod_security 2 directive... I get the feeling that quite a few of the rules in the "Hardening rules for mod_security" thread migth not work... Has anyone already produced an up to date list at all please? I'm afraid that the list is so long that I feel rather out of my depth trying to update it on my own, I have no idea!

Many thanks,

Steve
Back to top
admin
Site Admin


Joined: 15 Oct 2005
Posts: 692

PostPosted: Tue 25 Jul '06 13:51    Post subject: Reply with quote

Indeed quite some changes in version 2.

I think we have to wait till mod_security2 is released and sites like www.gotroot.com/tiki-index.php?page=mod_security+rules is coming with new rules.

Best to stick in the meantime with 1.9.x

Steffen
Back to top
stevep



Joined: 25 Jul 2006
Posts: 2

PostPosted: Wed 26 Jul '06 10:07    Post subject: Reply with quote

Thanks Steffen, as ever you're a great source of knowledge!

Cheers,

Steve
Back to top
Steffen
Moderator


Joined: 15 Oct 2005
Posts: 3092
Location: Hilversum, NL, EU

PostPosted: Thu 03 Aug '06 0:06    Post subject: Reply with quote

Update, got the folowing from Ivan:


Ivan Ristic wrote:
It is realistic to expect v2.0 to be finalised (with complete
documentation and rule examples) in September. In general, if you want
to use 2.x as you would 1.9.x it's pretty straightforward (it is
mostly that the directive names have changed). For example: there is
no more SecFilter, and SecFilterSelective is called SecRule. These
changes probably cover the majority of the rules. Of course, new
features are only available in 2.x.


Steffen
Back to top


Reply to topic   Topic: Hardening rules for mod_security2 - Anyone Help? View previous topic :: View next topic
Post new topic   Forum Index -> Third-party Modules