H wrote:

>> Basically the anti-evasion techniques. Anyway we can implement
>> more of them if it is worth spending the time and the effort.
>
> Which anti-evasion techniques?

I could not tell you without reading the mod_security code again. I took a look at it some time ago - maybe a couple of years.

>> Any suggestion?
>
> Yes, if I'm not badly informed, Cherokee is faster and smaller than
> Apache, and modsecurity helps in different ways. It helps not only in
> securing the server by allowing only some parametrizable requests, but
> also improves the distribution of queries by sending requests to
> different servers (which can be Microsoft, Sun or any kind of server),
> selecting by the different resources demanded.
>
> One example.
>
> You have 3 servers from different software producers.
>
> You can put one Apache with modsecurity to send all requests for one
> URL to one of them, all the requests for ASP to another, and all the
> rest to the 3rd. And all of the servers will be protected.
>
> With this simple design you can protect from one bug or mysql
> injection or javascript injection or anything from a big range of
> possible attack points for all those servers, just by putting that
> Apache server in the middle.
>
> If it is a Cherokee server, it can be faster and I think better.

Ok, so it looks pretty much like a load balancer to me. I mean, a load balancer with a bunch of rules to ensure the request is not an attack.

It would be interesting to support something similar in Cherokee. IMO, the inverse proxy handler is the right place to implement it. It should not be difficult to implement a few load balancing algorithms.

>> What would you like to have in Cherokee which is currently
>> provided by modsecurity?
>
> I still have to study the possibilities. I have just seen one
> conference about modsecurity, and the first thing I thought was: What
> about something like this for Cherokee?

Eh, eh.. thanks for thinking of Cherokee! :-)

--
Greetings, alo.
http://www.alobbs.com
