Grant wrote:
>> > Have you used mod_security yourself?
>> yes I can say that the code is extremely well written, and that the
>> project as a whole has gained critical acclaim. If you are _not_ using
>> it, do - it's very useful. The idea is to gain control over a
>> problematic and complex application/codebase by modifying the IO stream
>> to prevent many threats such as XSS, code release, SQL injection etc.
>> Well worth a look, it is as complex as the collective understanding of
>> threats is, and allows you to react "intelligently" to new threats you
>> (or it) sees in your logs. The "Cool Rules" project which has a
>> recording out at the moment.
>> http://www.modsecurity.org/projects/coolRules/index.html
>
> Sounds really good.  Is it tough to set up?  Do you think its
> removewhitespace would solve my problem?
It can be compiled in and only a couple of rules put in; it is as easy
as that. If you don't want to include thousands of rules, you don't have
to. I can't guarantee it will solve the whitespace issue, but it's worth
a shot. mod_security is more powerful than this and worth having just
for its other functionality.
>
>> >> AddOutputFilter DEFLATE pl
>> >
>> > I did add this to httpd.conf.  How can I tell if it's working and are
>> > there any drawbacks to using it?
>> Well this just adds the additional step of allowing Apache to implement
>> compression. Often resulting in as much as 90% drop in markup bytes, so
>> include file extensions that contain markup, such as css and js. I have
>> also used compression by default for 4 years with no issues. If the
>> browser sends
>> Accept-Encoding: gzip,deflate
>> header then Apache will respond in kind. Your browser will uncompress
>> the output so you won't notice anything different about your source code
>> but if you run a proxy, this will report the stream as gzip or whatever,
>> so you will only be able to read the markup in the proxy logs/packet
>> sniffer if it has been decompressed. As for telling it is working the
>> response headers will contain
>> Vary: User-Agent,Accept-Encoding
>> Content-Encoding: gzip
>> most likely, and the bytes served will be much smaller than you are
>> used to.
>
> OK I have:
>
> AddOutputFilter DEFLATE html css
Cool. Provided your browser sends the accept header, this should
bring performance and bandwidth benefits, especially for larger pages.
(For tiny JSON output the server zip and browser unzip cycle isn't worth
it, but CPU is cheap eh?:)
m
>
> - Grant
>
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server
> Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: [EMAIL PROTECTED]
>   "   from the digest: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
>
>
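
The header check described in the reply above, as an added example that is not part of the original thread: a shell function that reads one response header block on stdin and reports whether the response was compressed and whether Vary names Accept-Encoding. The sample headers are constructed, and the function name check_deflate, its output labels and the localhost URL in the comment are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the thread). Capture real headers with, for instance:
#   curl -s -o /dev/null -D - -H 'Accept-Encoding: gzip,deflate' http://localhost/index.html
# (placeholder URL) and pipe them into check_deflate.

# Reads the first header block on stdin and prints one label:
#   compressed          Content-Encoding is gzip/deflate and Vary lists Accept-Encoding (status 0)
#   compressed-no-vary  compressed, but a cache or proxy cannot tell the variants apart (status 1)
#   identity            no compression was applied (status 2)
check_deflate() {
    awk '
        { sub(/\r$/, "") }                 # tolerate CRLF line endings
        /^$/ { exit }                      # blank line ends the header block
        {
            i = index($0, ":")
            if (i == 0) next               # status line has no "name: value" form
            name  = tolower(substr($0, 1, i - 1))
            value = tolower(substr($0, i + 1))
            if (name == "content-encoding" && value ~ /gzip|deflate/) enc = 1
            if (name == "vary" && value ~ /accept-encoding/) vary = 1
        }
        END {
            if (enc && vary) { print "compressed"; exit 0 }
            if (enc)         { print "compressed-no-vary"; exit 1 }
            print "identity"; exit 2
        }'
}

# Constructed sample responses (not captured from a real server).
sample_gzip() {
    printf 'HTTP/1.1 200 OK\r\nVary: User-Agent,Accept-Encoding\r\nContent-Encoding: gzip\r\nContent-Type: text/html\r\n\r\n'
}
sample_no_vary() {
    printf 'HTTP/1.1 200 OK\r\ncontent-encoding: gzip\r\nContent-Type: text/css\r\n\r\n'
}
sample_plain() {
    printf 'HTTP/1.1 200 OK\r\nContent-Type: text/html\r\nContent-Length: 5120\r\n\r\n'
}

# Demo run over the constructed samples.
for s in sample_gzip sample_no_vary sample_plain; do
    printf '%s: ' "$s"
    "$s" | check_deflate || :
done
```
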
