Pablo Fischer wrote:
Hi!
My first idea is to create a new type of module. Until now, I have
had handlers, validators, loggers and encoders. The idea would be
to implement a new type, filters, to do this sort of thing.
For example, we could have filters like: get_filter or post_filter.
Imagine something like this:
The filter idea sounds very good, however, it would be nice to have some
other kind of filters, and possibly, many of these filters would be
'extended' from others, like a sql_filter (for SQL Injection[1]), a php
filter[2] (attacks from outside) or why not, an output filter[3]
(attacks from inside, like XSS) ;-)
POST and SQL injection filters are needed to protect vulnerable CGI
applications so a good place to put the filtering layer is a new handler
inherited from the cgi handler......
The problem is we have different cgi handlers to choose from....
==========
Filter post_filter {
    RegEx "(viagra|casino)" {
        Action Drop
    }
}
Filter get_filter {
    RegEx "(cash|win)" {
        Action Redirect http://example.com
    }
}
Filter get_filter, post_filter {
    RegEx "(lottery|prize)" {
        Action Exec "iptable %ip .."
        Action Drop
    }
}
==========
The actions (Drop|Redirect|Execute) sound pretty good!
Cheers,
[1] http://www.modsecurity.org/download/rules/modsecurity-general.conf
[2] http://www.modsecurity.org/download/rules/modsecurity-php.conf
[3] http://www.modsecurity.org/download/rules/modsecurity-output.conf
------------------------------------------------------------------------
_______________________________________________
Cherokee mailing list
[email protected]
http://www.0x50.org/cgi-bin/mailman/listinfo/cherokee
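
Added example, not part of the original thread and not Cherokee code: a Python parser and evaluator for the filter syntax proposed above, showing how a GET or POST request would map to actions. The function names, case-insensitive matching, matching on URL-decoded parameter values only, and first-match-wins ordering are assumptions; Exec actions are returned as decisions and never executed.

```python
import re
from urllib.parse import parse_qsl

# Constructed sample in the syntax proposed in the thread (not a real Cherokee config).
SAMPLE = '''
Filter post_filter {
    RegEx "(viagra|casino)" {
        Action Drop
    }
}
Filter get_filter {
    RegEx "(cash|win)" {
        Action Redirect http://example.com
    }
}
Filter get_filter, post_filter {
    RegEx "(lottery|prize)" {
        Action Exec "iptable %ip .."
        Action Drop
    }
}
'''

def parse_filters(text):
    """Return [(filter_names, compiled_regex, [(action, argument), ...])]; brace nesting is not validated."""
    rules, names = [], None
    for line in (l.strip() for l in text.splitlines()):
        if m := re.fullmatch(r'Filter\s+(.+?)\s*\{', line):
            names = {n.strip() for n in m.group(1).split(',')}
        elif names and (m := re.fullmatch(r'RegEx\s+"(.*)"\s*\{', line)):
            rules.append((names, re.compile(m.group(1), re.I), []))
        elif rules and (m := re.fullmatch(r'Action\s+(\w+)\s*(.*)', line)):
            rules[-1][2].append((m.group(1), m.group(2).strip('"')))
        elif line not in ('', '}'):
            raise ValueError(f"unrecognised line: {line!r}")
    return rules

def evaluate(rules, method, data):
    """Match URL-decoded parameter values; return the actions of the first matching rule."""
    wanted = method.lower() + '_filter'  # assumed naming: GET -> get_filter, POST -> post_filter
    values = [v for _, v in parse_qsl(data, keep_blank_values=True)]
    for names, regex, actions in rules:
        if wanted in names and any(regex.search(v) for v in values):
            return actions  # decisions only; Exec is reported, never run here
    return [('Pass', '')]
```

Matching on the decoded values means a percent-encoded or plus-encoded form of a keyword is treated the same as the literal one.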