Re: Apache module: mod_security

[Dave Aitel <dave () immunitysec com>]

That's really cool! I think one of the salient features of it you didn't
highlight was that it can filter on the BODY arguments! With a GUI for
tuning, this would provide nearly all the features of an "application"
firewall!

-dave


On Tue, 10 Dec 2002 13:37:33 +0000
Ivan Ristic <ivanr () webkreator com> wrote:

> Hi,
>
> I have written this Apache 1.x module that will most likely
> be of interest to you. In essence it is an intrusion detection
> and prevention software for Apache. It filters incoming requests
> based on various criteria and either denies access or simply logs
> violations.
>
> The homepage of the module is:
> http://www.webkreator.com/mod_security/
>
> For those who know Apache well, have a look at configuration
> directive examples here:
> http://www.webkreator.com/download/mod_security/example-httpd.conf
>
> The module is stable and works quite nice in all my tests. I
> need input from people in order to gather requirements for
> future versions. Regression tests are scheduled for the next
> release, and so is a full list of attacks against which the
> module is effective.
>
> As an additional bonus, the module can also perform full
> audit logging so it can very useful for compromise forensics.
>
> Somewhere at the back of my mind I have plans for Java and
> IIS versions of the same thing (I have to get to learn more
> about the CodeSeeker project first, to make sure there is
> no duplicated effort).
>
> --
> Ivan Ristic, http://www.webkreator.com