Re: [EMAIL PROTECTED] mod_security

2007-10-19 Thread Danie Qian
Peel" <[EMAIL PROTECTED]> To: Sent: Friday, October 19, 2007 9:48 AM Subject: [EMAIL PROTECTED] mod_security Hi all, I installed mod_security yesterday on one server and am in the process of debugging. Along with mod_security itself, I have installed a number of rules, most of which

Re: [EMAIL PROTECTED] mod_security

2007-10-19 Thread Christian Folini
Hi there, Why are you using an old version of ModSecurity? As you start anew I suggest you start out with ModSecurity > 2.1. Then stick with the core-rules for a start and read the excellent security blog on the website to deal with false positives. There are many very good posts on the subject.

[EMAIL PROTECTED] mod_security

2007-10-19 Thread Grant Peel
Hi all, I installed mod_security yesterday on one server and am in the process of debugging. Along with mod_security itself, I have installed a number of rules, most of which are not causing any issues. The two below are causing some problems though: Number one seems to do its job too well as

Re: [EMAIL PROTECTED] mod_security and system load

2007-05-30 Thread Marc Perkel
Nick Kew wrote: On 29 May 2007, at 22:31, Marc Perkel wrote: I'm running FC6 and added mod_security using the default rule set and the load level on the system is about 5 times higher than without it. I'm wondering what rule sets I might disable that would give me some security without slo

Re: [EMAIL PROTECTED] mod_security and system load

2007-05-29 Thread Nick Kew
On 29 May 2007, at 22:31, Marc Perkel wrote: I'm running FC6 and added mod_security using the default rule set and the load level on the system is about 5 times higher than without it. I'm wondering what rule sets I might disable that would give me some security without slowing the server

[EMAIL PROTECTED] mod_security and system load

2007-05-29 Thread Marc Perkel
I'm running FC6 and added mod_security using the default rule set and the load level on the system is about 5 times higher than without it. I'm wondering what rule sets I might disable that would give me some security without slowing the server down to a crawl. Could use some practical advice.

RE: [EMAIL PROTECTED] mod_security 1.9.4 to 2.0.4

2007-01-16 Thread Boyle Owen
> -Original Message- > From: arun kumar [mailto:[EMAIL PROTECTED] > Sent: Tuesday, January 16, 2007 11:15 AM > To: users@httpd.apache.org > Subject: [EMAIL PROTECTED] mod_security 1.9.4 to 2.0.4 > >Hi All, > > Currentl

[EMAIL PROTECTED] mod_security 1.9.4 to 2.0.4

2007-01-16 Thread arun kumar
Hi All, Currently we are using mod_security 1.9.4 and my client want me to upgrade mod_security to 2.0.4. In mod_security site I found that all the directives of 2.0.4 is different from 1.9.4. Please let me know where I can get 1.9.4 equavalent directive

Re: [EMAIL PROTECTED] mod_security general question...

2006-08-23 Thread Jignesh Badani
Thanks to Nick, Joshua & William for your responses. Keep up the good work. regards -Jignesh "William A. Rowe, Jr." <[EMAIL PROTECTED]> 08/22/2006 07:58 PM Please respond to users@httpd.apache.org To users@httpd.apache.org cc Subject Re: [EMAIL PROTECTED] mod_secur

Re: [EMAIL PROTECTED] mod_security general question...

2006-08-22 Thread William A. Rowe, Jr.
Jignesh Badani wrote: > Thanks Nick, it makes sense. So can I assume that the Apache group is fine > with its user base using 3rd party mod_security Why not? http://modules.apache.org/ - lots of modules - we have no problem with users deploying any module which solves their requirements. > and

Re: [EMAIL PROTECTED] mod_security general question...

2006-08-22 Thread Joshua Slive
On 8/22/06, Jignesh Badani <[EMAIL PROTECTED]> wrote: Thanks Nick, it makes sense. So can I assume that the Apache group is fine with its user base using 3rd party mod_security and that they do not plan to develop something similar ? The reason I am confused is I see Ryan Barnett as Team Lead fo

Re: [EMAIL PROTECTED] mod_security general question...

2006-08-22 Thread Jignesh Badani
bject Re: [EMAIL PROTECTED] mod_security general question... On Tuesday 22 August 2006 23:22, Jignesh Badani wrote: > We have been looking at implementing mod_security for quite some time now, > but it is not getting a green flag because the module is not part of the > Apache group offering

Re: [EMAIL PROTECTED] mod_security general question...

2006-08-22 Thread Nick Kew
On Tuesday 22 August 2006 23:22, Jignesh Badani wrote: > We have been looking at implementing mod_security for quite some time now, > but it is not getting a green flag because the module is not part of the > Apache group offering (yet). > > 1. Is there a reason, this module is still not being bund

[EMAIL PROTECTED] mod_security general question...

2006-08-22 Thread Jignesh Badani
We have been looking at implementing mod_security for quite some time now, but it is not getting a green flag because the module is not part of the Apache group offering (yet). 1. Is there a reason, this module is still not being bundled as part of the Apache source ? 2. Has anybody implement