httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Nick Kew <>
Subject Re: [users@httpd] mod_security and ironbee questions
Date Tue, 17 Mar 2015 09:53:53 GMT
On Mon, 2015-03-16 at 18:06 +0000, Rose, John B wrote:
> 1. Can anyone suggest a good base set of rules to utilize within
> mod_security?

Depends entirely on what you're looking to protect.  Did you
look at mod_security's core ruleset as a startingpoint?

> 2. While looking around for info on mod_security we came across some
> mentions of ironbee. Can someone give a comparison of the two?

mod_security came first, and made Ivan's name.  Having learned from
the experience, he and Brian then moved on to create Ironbee,
which is a much more general-purpose framework.  I'm not sure
how much active development mod_security gets since its original
team moved on.  The respective web sites will tell you more.

> 3. What would you recommend to use? mod_security? Ironbee? Something
> else? Mixture?

Neither - until you're clear about what goal you're seeking
to accomplish with a WAF.

Disclosure: I work on Ironbee, but I don't represent or speak for it.

Nick Kew

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message