WebApp Sec mailing list archives
RE: Tool like IISLockdown or URLScan
From: "Dawes, Rogan (ZA - Johannesburg)" <rdawes () deloitte co za>
Date: Tue, 1 Jul 2003 17:55:05 +0200
Try mod_security
From Ivan Ristic's email to this list on the 30th May :
Mod_security 1.5 has been released. It is immediately available for download from: http://www.modsecurity.org/download/ This is a major release, containing significant new functionality. The most important changes are: Apache 2.x compatibility, new web site, and comprehensive manual. About mod_security ------------------ Mod_security is an Apache module whose purpose is to protect vulnerable applications and reject human or automated attacks. It is an open source intrusion detection and prevention system for Apache. In addition to request filtering, it also creates Web application audit logs. Requests are filtered using regular expressions. Some of the things possible are: * Apply filters against any part of the request (URI, headers, either GET or POST) * Apply filters against individual parameters * Reject SQL injection attacks * Reject Cross site scripting attacks With few general rules mod_security can protect from both known and unknown vulnerabilities. Changes (v1.5) -------------- * Apache 2.x compatibility * Added SecFilterInheritance * Added SecFilterByteRange * Added SecFilterCheckURLEncoding * A few bug fixes * New web site @ www.modsecurity.org * Comprehensive manual
-----Original Message----- From: John Madden [mailto:chiwawa999 () yahoo com] Sent: 01 July 2003 05:23 PM To: webappsec () securityfocus com Subject: Tool like IISLockdown or URLScan Hi, Is there a tool available that will have the same functionalities or close to it as IISLockdown or URLScan for Apache ? I know of CGIWrap but that's only CGI's, im looking for a tool to secure Apache... Thank you __________________________________ Do you Yahoo!? SBC Yahoo! DSL - Now only $29.95 per month! http://sbc.yahoo.com
Important Notice: This email is subject to important restrictions, qualifications and disclaimers ("the Disclaimer") that must be accessed and read by clicking here or by copying and pasting the following address into your Internet browser's address bar: http://www.Deloitte.co.za/Disc.htm. The Disclaimer is deemed to form part of the content of this email in terms of Section 11 of the Electronic Communications and Transactions Act, 25 of 2002. If you cannot access the Disclaimer, please obtain a copy thereof from us by sending an email to ClientServiceCentre () Deloitte co za.
Current thread:
- Tool like IISLockdown or URLScan John Madden (Jul 01)
- RE: Tool like IISLockdown or URLScan owasp (Jul 01)
- <Possible follow-ups>
- RE: Tool like IISLockdown or URLScan Arek Slominski (Jul 01)
- RE: Tool like IISLockdown or URLScan dave (Jul 01)
- RE: Tool like IISLockdown or URLScan Dawes, Rogan (ZA - Johannesburg) (Jul 01)
- Re: Tool like IISLockdown or URLScan lbrlove (Jul 01)
- RE: Tool like IISLockdown or URLScan Chris Neppes (Jul 01)
- RE: Tool like IISLockdown or URLScan Renato E. Gioielli Andalik (Jul 01)
- RE: Tool like IISLockdown or URLScan Ben Krueger (Jul 01)