Anyone with test servers to play around with this? Devdas Bhagat
----- Forwarded message from Ivan Ristic <[EMAIL PROTECTED]> ----- From: Ivan Ristic <[EMAIL PROTECTED]> Date: Tue, 10 Dec 2002 13:37:33 +0000 To: [EMAIL PROTECTED] Subject: Apache module: mod_security User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.2) Gecko/20021126 Hi, I have written this Apache 1.x module that will most likely be of interest to you. In essence it is an intrusion detection and prevention software for Apache. It filters incoming requests based on various criteria and either denies access or simply logs violations. The homepage of the module is: http://www.webkreator.com/mod_security/ For those who know Apache well, have a look at configuration directive examples here: http://www.webkreator.com/download/mod_security/example-httpd.conf The module is stable and works quite nice in all my tests. I need input from people in order to gather requirements for future versions. Regression tests are scheduled for the next release, and so is a full list of attacks against which the module is effective. As an additional bonus, the module can also perform full audit logging so it can very useful for compromise forensics. Somewhere at the back of my mind I have plans for Java and IIS versions of the same thing (I have to get to learn more about the CodeSeeker project first, to make sure there is no duplicated effort). -- Ivan Ristic, http://www.webkreator.com ----- End forwarded message ----- ------------------------------------------------------- This sf.net email is sponsored by: With Great Power, Comes Great Responsibility Learn to use your power at OSDN's High Performance Computing Channel http://hpc.devchannel.org/ _______________________________________________ linux-india-help mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/linux-india-help
