Comments on: gotroot modsecurity Rules for Apache - Anti-spam and Security

By: Sir Henry

Sir Henry — Tue, 08 Jan 2008 16:55:11 +0000

@linuxamp:

I, too, am intrigued to find out what was the root cause of the issues you experienced. Should you have the time, please post them here.

By: goodpeople

goodpeople — Mon, 07 Jan 2008 14:56:29 +0000

@Linuxamp

It would be nice if you could dig up what was going on. I am planning to play with this sometime later this week.

By: linuxamp

linuxamp — Mon, 07 Jan 2008 06:57:03 +0000

I ran mod_security for a while but noticed that some portions of my webapp (drupal+gallery2) broke. I don’t recall exactly what broke since it was a while ago but it was significant enough for me finally decide to disable mod_security.

By: eM3rC

eM3rC — Sun, 06 Jan 2008 21:31:19 +0000

Wow great post. Can really use this.

By: Sir Henry

Sir Henry — Fri, 04 Jan 2008 15:36:27 +0000

@Pantagruel

Yet another illustration of how it is so difficult to balance security and usability.

By: Pantagruel

Pantagruel — Fri, 04 Jan 2008 10:56:37 +0000

fak3r has a good point. An extensive rule set will definitely slow down the response (especially on a overloaded server or less powerful server). To my opinion this is a small price you pay for some added security (and a nice excuse to upgrade hardware, making this hardware junkie even happier )

hardening your Linux server is a good thing, hardening apache (try Google millions of howto’s) is a must.

@fak3r, do you have a good link to sudokin, Google only burps out some blog messages (and no real usable stuff). Up to now I’ve been using http://www.hardened-php.net/suhosin/index.html , tutorial(s) on http://www.howtoforge.com and it’s always a good thing to have another added layer of protection.

By: kaneda

kaneda — Fri, 04 Jan 2008 10:18:59 +0000

Argh - download links are broken on the gotroot website, do you guys have a mirror instead?

By: fak3r

fak3r — Thu, 03 Jan 2008 16:06:21 +0000

I’ve posted here about mod_security before, it’s a great tool, but it if you pile on all of these rules it will slow page loads significantly. Best is to use mod_sec core rules, and pepper in some got root rules that look useful.

Oh, and patch PHP with sudokin first.

By: Sir Henry

Sir Henry — Thu, 03 Jan 2008 12:52:57 +0000

I just built a server for my director that will serve his website from home. Although Apache is installed, I cautioned him about doing so when being an absolute neophyte in the ways of Linux and Apache. This will be awesome for him and hopefully get him learned on a thing or two about Apache and security. Thanks for posting this.

By: goodpeople

goodpeople — Thu, 03 Jan 2008 11:01:24 +0000

Oh wow! am I going to have fun with this one…