Hello Paulo, I will add the extra fields and setup a virtual machine on my local host and use the Apache bentchmark utility to simulate high levels of traffic. 2008/11/24 Paulo Santos <santosp@xxxxxxxxxxxxxxxxx>: > Hi Damian, > > Those look good to me, and you might want to add some extra ones just to > start. > > # Log only relevant entries and log it > SecAuditEngine RelevantOnly > SecAuditLog /var/log/httpd/modsec_audit.log > > # Filter only Dynamic content (to minimize performance impact) should be > tested to be sure that it does what is expected > SecFilter DynamicOnly > > > Just my 2 cents :) > > Paulo > > > 2008/11/21 Dennis Gilmore <dennis@xxxxxxxx> >> >> forwarding to the correct list >> >> ---------- Forwarded Message ---------- >> >> Subject: [Fedora-sysadmin-list] Web Security >> Date: Friday 21 November 2008 >> From: "Damian Myerscough" <damian.myerscough@xxxxxxxxx> >> To: "Fedora Administration and Infrastructure project" <fedora-sysadmin- >> list@xxxxxxxxxx> >> Hello All, >> >> I have managed to get a bit of free time to create some simple rules >> for mod_security >> which would be suitable for the web servers which we are currently >> running. I have wrote >> some generic rules which should be compatible with all the web >> servers. However, we could >> write rules which are much stricter for the web applications that are >> hosted off the web servers. >> >> Let me know what people think about the rules that I have attached. >> >> Just a note, the final rule should point to maybe a security notice... >> it would currently just redirect users >> to fedoraproject.org. >> >> -- >> Regards, >> Damian Myerscough >> >> ------------------------------------------------------- >> >> _______________________________________________ >> Fedora-infrastructure-list mailing list >> Fedora-infrastructure-list@xxxxxxxxxx >> https://www.redhat.com/mailman/listinfo/fedora-infrastructure-list >> > > -- Regards, Damian Myerscough _______________________________________________ Fedora-infrastructure-list mailing list Fedora-infrastructure-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-infrastructure-list
