Hi! > My first idea is to create a new type of module. Until now, I have > had handlers, validators, loggers and encoders. The idea would be > to implement a new type, filters, to do this sort of things. > > For example, we could have filters like: get_filter or post_filer. > Imagine something like this:
The filter idea sounds very good, however would be nice to have some
other kind of filters, and possibly, many of these filters would be
'extended' from others, like a sql_filter (for SQL Injection[1]), a php
filter[2] (attacks from outside) or why not, an output filter[3]
(attacks from inside, like XSS) ;-)
>
> ==========
> Filter post_filter {
> RegEx "(viagra|casino)" {
> Action Drop
> }
> }
>
> Filter get_filter {
> RegEx "(cash|win)" {
> Action Redirect http://example.com
> }
> }
>
> Filter get_filer, post_filter {
> RegEx "(lottery|prize)" {
> Action Exec "iptable %ip .."
> Action Drop
> }
> }
> ==========
The actions (Drop|Redirect|Execute) sounds pretty good!
Cheers,
[1] http://www.modsecurity.org/download/rules/modsecurity-general.conf
[2] http://www.modsecurity.org/download/rules/modsecurity-php.conf
[3] http://www.modsecurity.org/download/rules/modsecurity-output.conf
--
Pablo Fischer Sandoval (pablo [arroba/at] pablo.com.mx)
Cel: (044-55) 2689-6351
Fingerprint: 5973 0F10 543F 54AE 1E41 EC81 0840 A10A 74A4 E5C0
http://www.pablo.com.mx
http://www.jaws-project.com
signature.asc
Description: This is a digitally signed message part
_______________________________________________ Cherokee mailing list [email protected] http://www.0x50.org/cgi-bin/mailman/listinfo/cherokee
