From: zeno
To: users@httpd.apache.org
Cc: zeno@cgisecurity.net (zeno)
Date: Tue, 10 Dec 2002 09:41:38 -0500 (EST)
Message-Id: <200212101441.gBAEfcw24792@cgisecurity.net>
Subject: [users@httpd] mod_security: New apache module/http firewall

Hello,

I'm forwarding this email from another list. I haven't tried it yet, but it looks promising.

- zeno@cgisecurity.com

From: Ivan Ristic
To: webappsec@securityfocus.com

Hi,

I have written this Apache 1.x module that will most likely be of interest to you. In essence it is intrusion detection and prevention software for Apache. It filters incoming requests based on various criteria and either denies access or simply logs violations.

The homepage of the module is:

http://www.webkreator.com/mod_security/

For those who know Apache well, have a look at configuration directive examples here:

http://www.webkreator.com/download/mod_security/example-httpd.conf

The module is stable and works quite nicely in all my tests. I need input from people in order to gather requirements for future versions.
Regression tests are scheduled for the next release, and so is a full list of attacks against which the module is effective.

As an additional bonus, the module can also perform full audit logging, so it can be very useful for compromise forensics.

Somewhere at the back of my mind I have plans for Java and IIS versions of the same thing (I have to get to learn more about the CodeSeeker project first, to make sure there is no duplicated effort).

--
Ivan Ristic, http://www.webkreator.com