Keep Server Online
If you find the Apache Lounge, the downloads and overall help useful, please express your satisfaction with a donation.
or
A donation makes a contribution towards the costs, the time and effort that's going in this site and building.
Thank You! Steffen
Your donations will help to keep this site alive and well, and continuing building binaries. Apache Lounge is not sponsored.
| |
|
 Topic: Hardening rules for mod_security2 - Anyone Help? |
|
| Author |
|
stevep
Joined: 25 Jul 2006
Posts: 2
|
 Posted: Tue 25 Jul '06 13:37 Post subject: Hardening rules for mod_security2 - Anyone Help? |
 |
|
Hi All,
Seeing that things like "SecFilterEngine On" is not a mod_security 2 directive... I get the feeling that quite a few of the rules in the "Hardening rules for mod_security" thread migth not work... Has anyone already produced an up to date list at all please? I'm afraid that the list is so long that I feel rather out of my depth trying to update it on my own, I have no idea!
Many thanks,
Steve |
|
| Back to top |
|
admin
Site Admin
Joined: 15 Oct 2005
Posts: 692
|
| Posted: Tue 25 Jul '06 13:51 Post subject: |
|
|
Indeed quite some changes in version 2.
I think we have to wait till mod_security2 is released and sites like www.gotroot.com/tiki-index.php?page=mod_security+rules is coming with new rules.
Best to stick in the meantime with 1.9.x
Steffen |
|
| Back to top |
|
stevep
Joined: 25 Jul 2006
Posts: 2
|
| Posted: Wed 26 Jul '06 10:07 Post subject: |
|
|
Thanks Steffen, as ever you're a great source of knowledge!
Cheers,
Steve |
|
| Back to top |
|
Steffen
Moderator
Joined: 15 Oct 2005
Posts: 3092
Location: Hilversum, NL, EU
|
| Posted: Thu 03 Aug '06 0:06 Post subject: |
|
|
Update, got the folowing from Ivan:
| Ivan Ristic wrote: | It is realistic to expect v2.0 to be finalised (with complete
documentation and rule examples) in September. In general, if you want
to use 2.x as you would 1.9.x it's pretty straightforward (it is
mostly that the directive names have changed). For example: there is
no more SecFilter, and SecFilterSelective is called SecRule. These
changes probably cover the majority of the rules. Of course, new
features are only available in 2.x. |
Steffen |
|
| Back to top |
|
|
|
|
|
|
