Snort mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Snort - VPS web server (Debian)

From: "Edward Fjellskål" <edwardfjellskaal () gmail com>
Date: Tue, 30 Aug 2011 20:05:09 +0200
On 08/30/2011 05:08 PM, Mike Lococo wrote:

As mentioned, mod-security will let you do signature-based blocking of 
http attacks (the kind that really matter for a web-server) in just a 
couple of megs of ram and there are some rulesets that I believe are 
decent out there like the owasp set.

Cheers,
Mike Lococo


Just to add to the fire...
You can use Varnish, which not only accelerate your site, but
including security.vcl or methods alike, adds some extra level
of security (like mod_security).

https://github.com/comotion/security.vcl/

Example of rules:
https://github.com/comotion/security.vcl/blob/master/vcl/modules/sql.vcl

Feedback and comments are welcome :)

---
I used to run snort (sguil sensor(snort,daemonlogger,cxtracker)) on a
128MB VPS... Worked fine for me :) (but there was not much traffic so...)


E

------------------------------------------------------------------------------
Special Offer -- Download ArcSight Logger for FREE!
Finally, a world-class log management solution at an even better 
price-free! And you'll get a free "Love Thy Logs" t-shirt when you
download Logger. Secure your free ArcSight Logger TODAY!
http://p.sf.net/sfu/arcsisghtdev2dev
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!
Previous By Date Next
Previous By Thread Next

Current thread: