I just committed /varnish-tools/security.vcl, which is an early version of a pet project Edward Bjarte Fjellskål, Kacper Wysocki and myself have been working on.

The idea is to add basic filtering of common exploits in VCL, but with minimal impact on normal VCL. This early version has a few ugly details (like hard-coded paths), and some of the rules, especially in vcl/breach/, are likely to be downright wrong.

The work is loosely based on mod_security (breach/ is automatically generated based on mod_security), but we've added several of our own rules too. The major drawbacks right now are that we can't parse POST data, and that Varnish uses POSIX regex while mod_security uses Perl regex.

If you're curious about Security.VCL, I suggest you take a look at the README and the vcl/main.vcl. We'll continue to work on this sporadically, but patches are welcome.

-- 
Kristian Lyngstøl
Redpill Linpro AS
Tlf: +47 21544179
Mob: +47 99014497
_______________________________________________
varnish-misc mailing list
[email protected]
http://projects.linpro.no/mailman/listinfo/varnish-misc
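The post names the POSIX-versus-Perl regex gap as a drawback for rules generated from mod_security. The following is an added example, not part of the original message or of security.vcl: a small Python check that flags Perl-only constructs in a rule pattern before it is carried over to a POSIX ERE engine. The function name, the feature labels (not exhaustive) and the sample patterns are constructed for illustration.

```python
import re
_BRACE = re.compile(r"\{\d+(,\d*)?\}")  # counted repetition such as {2,5}

def pcre_only_features(pattern):
    """Return the Perl-regex features in `pattern` that POSIX ERE does not define."""
    found, i, n, after_quant = set(), 0, len(pattern), False
    while i < n:
        c, quant = pattern[i], False
        if c == "\\" and i + 1 < n:  # escape outside a bracket expression
            e = pattern[i + 1]
            if e in "dDwWsS":
                found.add("shorthand class")
            elif e in "bBAzZ":
                found.add("escape assertion")
            elif e.isalnum():  # \n, \x41, \1 ...: undefined in ERE
                found.add("escape undefined in ERE")
            i += 2
        elif c == "[":  # bracket expression, read with Perl escaping rules
            i += 1
            if i < n and pattern[i] == "^":
                i += 1
            if i < n and pattern[i] == "]":  # a leading ] is a literal
                i += 1
            while i < n and pattern[i] != "]":
                if pattern[i] == "\\":  # POSIX treats \ as a literal in here
                    found.add("backslash escape in [...]")
                    i += 1
                elif pattern[i] == "[" and pattern[i + 1:i + 2] in (":", "=", "."):
                    end = pattern.find(pattern[i + 1] + "]", i + 2)
                    i = end + 1 if end != -1 else i  # land on the inner ]
                i += 1
            i += 1
        elif pattern.startswith("(?", i):  # (?i), (?:...), lookaround
            found.add("(?...) group extension")
            i += 2
        elif c in "*+?" or (c == "{" and _BRACE.match(pattern, i)):
            quant = not (after_quant and c in "?+")
            if not quant:  # a second ? or + directly after a quantifier
                found.add("lazy/possessive quantifier")
            i = _BRACE.match(pattern, i).end() if c == "{" else i + 1
        else:
            i += 1
        after_quant = quant
    return found

# Constructed sample patterns, not taken from security.vcl or mod_security.
SAMPLES = [r"(?i)<script\b", r"union\s+select", r"[[:alpha:]]+\.php$"]
REPORT = {p: sorted(pcre_only_features(p)) for p in SAMPLES}
```

An empty result means the pattern uses none of the flagged constructs; it does not prove the two engines match identically.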
