> Have you used mod_security yourself?

Yes, I can say that the code is extremely well written, and that the project as a whole has gained critical acclaim. If you are _not_ using it, do - it's very useful. The idea is to gain control over a problematic and complex application/codebase by modifying the IO stream to prevent many threats such as XSS, code release, SQL injection etc. Well worth a look, it is as complex as the collective understanding of threats is, and allows you to react "intelligently" to new threats you (or it) sees in your logs. The "Cool Rules" project which has a recording out at the moment. http://www.modsecurity.org/projects/coolRules/index.html

Sounds really good. Is it tough to set up? Do you think its removewhitespace would solve my problem?

>> AddOutputFilter DEFLATE pl
>
> I did add this to httpd.conf. How can I tell if it's working and are
> there any drawbacks to using it?

Well, this just adds the additional step of allowing Apache to implement compression, often resulting in as much as 90% drop in markup bytes, so include file extensions that contain markup, such as css and js. I have also used compression by default for 4 years with no issues. If the browser sends an Accept-Encoding: gzip,deflate header then Apache will respond in kind. Your browser will uncompress the output so you won't notice anything different about your source code, but if you run a proxy, this will report the stream as gzip or whatever, so you will only be able to read the markup in the proxy logs/packet sniffer if it has been decompressed.

As for telling it is working, the response headers will contain

Vary: User-Agent,Accept-Encoding
Content-Encoding: gzip

most likely, and the bytes served will be much smaller than you are used to.

OK I have:

AddOutputFilter DEFLATE html css

- Grant
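
The check described in the reply above (an Accept-Encoding request header answered with Content-Encoding: gzip and a much smaller body), as an added example that is not part of the original thread. `build_response` is a constructed stand-in for a server with the DEFLATE output filter enabled, not Apache itself; the function names and sample markup are assumptions.

```python
import gzip

# Constructed sample markup; repetitive HTML is what compresses well.
SAMPLE_MARKUP = (b"<html><body>"
                 + b"<p>repetitive markup compresses well</p>\n" * 200
                 + b"</body></html>")

def build_response(body: bytes, accept_encoding: str) -> bytes:
    """Hypothetical server side: gzip only if the client offered it.
    (Simplified: q-values in Accept-Encoding are ignored.)"""
    offered = [e.split(";")[0].strip().lower() for e in accept_encoding.split(",")]
    headers = ["HTTP/1.1 200 OK", "Content-Type: text/html",
               "Vary: User-Agent,Accept-Encoding"]
    if "gzip" in offered:
        body = gzip.compress(body)
        headers.append("Content-Encoding: gzip")
    headers.append(f"Content-Length: {len(body)}")
    return "\r\n".join(headers).encode() + b"\r\n\r\n" + body

def inspect_response(raw: bytes) -> dict:
    """Client/proxy side: read the headers, then decode the body if needed."""
    head, _, body = raw.partition(b"\r\n\r\n")
    headers = {}
    for line in head.decode("iso-8859-1").split("\r\n")[1:]:  # skip status line
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    encoding = headers.get("content-encoding", "identity").lower()
    vary = [v.strip().lower() for v in headers.get("vary", "").split(",")]
    # A proxy log or sniffer sees `body`; the markup is readable only after this step.
    decoded = gzip.decompress(body) if encoding == "gzip" else body
    return {
        "compressed": encoding == "gzip",
        "varies_on_accept_encoding": "accept-encoding" in vary,
        "wire_bytes": len(body),
        "decoded_bytes": len(decoded),
        "markup": decoded,
    }

if __name__ == "__main__":
    for offered in ("gzip,deflate", ""):
        r = inspect_response(build_response(SAMPLE_MARKUP, offered))
        saved = 100 * (1 - r["wire_bytes"] / r["decoded_bytes"])
        print(f"Accept-Encoding={offered!r}: compressed={r['compressed']} "
              f"wire={r['wire_bytes']} decoded={r['decoded_bytes']} saved={saved:.0f}%")
```

Against a live server the same two headers can be read with `curl -sI -H 'Accept-Encoding: gzip,deflate' <url>`.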