Pablo Fischer wrote:
>> My first idea is to create a new type of module. Until now, I have
>> had handlers, validators, loggers and encoders. The idea would be
>> to implement a new type, filters, to do this sort of things.
>>
>> For example, we could have filters like: get_filter or post_filer.
>> Imagine something like this:
>
> The filter idea sounds very good, however would be nice to have some
> other kind of filters, and possibly, many of these filters would be
> 'extended' from others, like a sql_filter (for SQL Injection[1]), a php
> filter[2] (attacks from outside) or why not, an output filter[3]
> (attacks from inside, like XSS) ;-)
>
>> ==========
>> Filter post_filter {
>> RegEx "(viagra|casino)" {
>> Action Drop
>> }
>> }
>>
>> Filter get_filter {
>> RegEx "(cash|win)" {
>> Action Redirect http://example.com
>> }
>> }
>>
>> Filter get_filer, post_filter {
>> RegEx "(lottery|prize)" {
>> Action Exec "iptable %ip .."
>> Action Drop
>> }
>> }
>> ==========
>
> The actions (Drop|Redirect|Execute) sounds pretty good!
Okay, then how about something like..
Filter <what you filter> {
<How you filter it> {
<Action(s)>
}
}
For example:
==========
Filter POST {
RegEx "(porn|p0rn)" {
Action Exec "iptables %ip .."
Action Drop
}
}
Filter URL {
SQL_filter {
Action Redirect http://..
}
}
Filter POST, URL {
XSS_filter {
Action Log combined /var/log/cherokee/xss.log
Action Drop
}
}
==========
--
Greetings, alo.
_______________________________________________
Cherokee mailing list
[email protected]
http://www.0x50.org/cgi-bin/mailman/listinfo/cherokee
