WebApp Sec mailing list archives
Re: Apache module: mod_security
From: zeno <bugtraq () cgisecurity net>
Date: Tue, 10 Dec 2002 13:13:15 -0500 (EST)
> Bill Burge wrote:
>
> > After a cursory glance, other than removing some abstraction
> > and making configuration a little more straightforward; I'm not
> > sure how this differs from what can be done with mod_rewrite.
>
> One major feature: it filters POST payloads, too. There is no point in having any kind of web application firewall if you allow attackers to attack you via POST.
>
> The other major feature (at least to me) is the full (POST included) audit log.

Thanks, I've been searching for this for a while. I know I'll be using this :) I know it isn't just you; a few people I've spoken with have been searching for full POST data logging without needing to write their own mod.

> And (I am trying really hard now :), it can also filter individual parameters. For example, if you have something like:
>
>     script.php?title=value1&content=value2
>
> with a rule
>
>     SecFilterSelective ARGS|!ARG_content "<(.|\n)+>"
>
> You can allow HTML to come through variable "content" but not through "title".

That is VERY nice :)

- zeno () cgisecurity com
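
A small Python model of the per-parameter rule discussed in this message, added as an example; it is not code from the posters or from mod_security. It assumes the rule's pattern is the tag-matching regex `<(.|\n)+>` and that arguments arrive in the query string or a urlencoded POST body; `parse_variables` and `matching_params` are hypothetical names.

```python
import re
from urllib.parse import parse_qsl

# Assumed to be the intended tag-matching pattern of the rule quoted above.
TAG_PATTERN = re.compile(r"<(.|\n)+>")


def parse_variables(spec):
    """Split a variable list such as 'ARGS|!ARG_content' into its parts."""
    parts = spec.split("|")
    scan_all = "ARGS" in parts
    included = {p[4:] for p in parts if p.startswith("ARG_")}
    excluded = {p[5:] for p in parts if p.startswith("!ARG_")}
    return scan_all, included, excluded


def matching_params(query, post_body, spec="ARGS|!ARG_content", pattern=TAG_PATTERN):
    """Return names of in-scope parameters whose decoded value matches.

    An empty list means the request passes this rule. Both the query
    string and a urlencoded POST body are inspected.
    """
    scan_all, included, excluded = parse_variables(spec)
    hits = []
    for source in (query, post_body):
        # parse_qsl percent-decodes, so the pattern sees decoded values.
        for name, value in parse_qsl(source, keep_blank_values=True):
            in_scope = name in included or (scan_all and name not in excluded)
            if in_scope and pattern.search(value):
                hits.append(name)
    return hits


# Constructed sample requests (query string, POST body).
SAMPLES = {
    "html in content (GET)": ("title=Hello&content=%3Cb%3Ebold%3C%2Fb%3E", ""),
    "html in title (GET)": ("title=%3Cb%3EHello%3C%2Fb%3E&content=plain", ""),
    "html in title (POST)": ("", "title=%3Ci%3EHello%3C%2Fi%3E&content=%3Cp%3Eok%3C%2Fp%3E"),
}

if __name__ == "__main__":
    for label, (query, body) in SAMPLES.items():
        hits = matching_params(query, body)
        print(f"{label}: {'blocked on ' + ', '.join(hits) if hits else 'passes'}")
```

The third sample is the case a URL-only filter never sees: the markup in "title" arrives in the POST body, while the same markup in "content" is still let through.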