Hi, On Wed, Nov 11, 2009 at 9:38 PM, Jason Dixon <ja...@dixongroup.net> wrote: > There are plenty of L7 tools in OpenBSD base and ports/packages to help > you reach your goals. It's up to you to deploy and configure them > properly for your environment. Just a few off the top of my head: > > relayd(8) > authpf(8) > net/snort > www/mod_security
The first two do not examine web application payloads originated from requests. Snort is not oriented either for this type of detection/prevention.. starting only for the fact that blocking this would have to interface with pf instead of giving a 400 error page in the browser of the client by apache. Correct me if iam wrong? > > Indeed, mod_security is only currently available for apache-1.3. But I > think the lack of modsecurity-2.x is only because nobody has stepped up > to complete the port, not because of any technical hurdles. As i said, modsecurity 2 is only compatible with apache2, otherwise I would be able to install modsecurity2 on top of apache1 and that is not the case because of library differences.