19 Jun 00:03
Re: Updated to 2.5
From: Mark Lavi <mlavi <at> sgi.com>
Subject: Re: Updated to 2.5
Newsgroups: gmane.comp.apache.mod-security.user
Date: 2008-06-18 22:03:31 GMT
It can be hard to think in the middle of a fire drill, but let me loan you my opinion. :)

You may not have grasped the strategy in using a web application firewall: once you disable a rule, you are exposing yourself. If you disable one rule, then you have taken the first step down the slippery slope to disable more and increase your exposure. Surely that's not what you wanted to accomplish when you installed modsecurity in the first place?

Please read rcbarnett's "Handling False Positives and Creating Custom Rules":
http://www.modsecurity.org/blog/archives/2007/02/handling_false.html

You may wish to use DetectionOnly mode as suggested in the article and then work to eliminate issues with custom rules to grant exceptions before changing it back.

Of course, I probably should not have to say this, but having a proper development environment would be ideal before rolling anything out to production. Sometimes that is not possible for all organizations, but it's something you are discovering may be justified for your procedures in the future.

Cheers,
--Mark

Mark Lavi, Enterprise Web Management Team @ SGI
mailto:mlavi <at> sgi.com || phone:+1-650-933-7707

-----Original Message-----
From: mod-security-users-bounces <at> lists.sourceforge.net [mailto:mod-security-users-bounces <at> lists.sourceforge.net] On Behalf Of Grant Peel
Sent: Wednesday, June 18, 2008 2:12 PM
To: ModSecurity
Subject: [mod-security-users] Updated to 2.5

Hi all,

I recently upgraded one of our servers from mod_sec 1.9 to 2.5.

Since then, I have been bombarded with emails from the company that leases the server from regarding issues that their clients are seeing. Anything from OpenWebmail not being allowed to send mails, to PHP pages not being sent (Access Denied).

I have done some troubleshooting and remarked out a number of rules, along with jacking up the allowed body response size.

My question is: Is there a known set of rules that can be adjusted or removed (a list of them, if you will) that allows a webserver to run in a reasonably liberal mode, while still maintaining the XSS etc. protection?

Any comments regarding what rules had to be adjusted will be quite welcomed.

-Grant
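
The approach suggested in the reply above (run in DetectionOnly, grant narrow exceptions with custom directives, then switch blocking back on), sketched as a ModSecurity 2.x configuration fragment. This is an added example and not part of either message; the file paths, the OpenWebmail URL prefix and the rule ID 999001 are placeholders to be replaced with the values from your own logs.

```apache
# Added example: paths, URL prefix and rule ID below are placeholders.

# Step 1: evaluate every rule and log matches, but do not block anything.
SecRuleEngine DetectionOnly

# Write an audit record only for transactions that triggered a rule,
# so the log contains just the candidate false positives.
SecAuditEngine RelevantOnly
SecAuditLog /var/log/httpd/modsec_audit.log

# Load the rule set before any exception: SecRuleRemoveById only
# affects rules that have already been defined at that point.
Include conf/modsecurity/*.conf

# Step 2: for each confirmed false positive, remove the one offending
# rule for the one application that trips it, instead of commenting
# the rule out for the whole server.
<LocationMatch "^/cgi-bin/openwebmail/">
    # 999001 stands in for the rule ID reported in the audit log.
    SecRuleRemoveById 999001
</LocationMatch>

# Step 3: once legitimate traffic no longer produces log entries,
# replace the DetectionOnly line above with:
#   SecRuleEngine On
```

Scoping each removal to a location keeps the rule active everywhere else, which avoids the server-wide loss of coverage that comes from remarking rules out.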