Re: [Fedora-sysadmin-list] Web Security

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Hi Damian,

Those look good to me, and you might want to add some extra ones just to start.

# Log only relevant entries and log it
SecAuditEngine RelevantOnly
SecAuditLog /var/log/httpd/modsec_audit.log


# Filter only Dynamic content (to minimize performance impact) should be tested to be sure that it does what is expected
SecFilter DynamicOnly


Just my 2 cents :)

Paulo


2008/11/21 Dennis Gilmore <dennis@xxxxxxxx>
forwarding to the correct list

----------  Forwarded Message  ----------

Subject: [Fedora-sysadmin-list] Web Security
Date: Friday 21 November 2008
From: "Damian Myerscough" <damian.myerscough@xxxxxxxxx>
To: "Fedora Administration and Infrastructure project" <fedora-sysadmin-
list@xxxxxxxxxx>
Hello All,

I have managed to get a bit of free time to create some simple rules
for mod_security
which would be suitable for the web servers which we are currently
running. I have wrote
some generic rules which should be compatible with all the web
servers. However, we could
write rules which are much stricter for the web applications that are
hosted off the web servers.

Let me know what people think about the rules that I have attached.

Just a note, the final rule should point to maybe a security notice...
it would currently just redirect users
to fedoraproject.org.

--
Regards,
Damian Myerscough

-------------------------------------------------------

_______________________________________________
Fedora-infrastructure-list mailing list
Fedora-infrastructure-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-infrastructure-list


_______________________________________________
Fedora-infrastructure-list mailing list
Fedora-infrastructure-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-infrastructure-list

[Index of Archives]     [Fedora Development]     [Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [KDE Users]

  Powered by Linux