Re: Apache module: mod_security

[zeno <bugtraq () cgisecurity net>]

> Bill Burge wrote:
> > After a cursory glance, other than removing a some abstraction
>  > and making configuration a little more straight forward; I'm not
>  > sure how this differs from what can be done with mod_rewrite.
>
>    One major feature: it filters POST payloads, too. There is no
>    point of having any kind of web application firewall if you
>    allow attackers to attack you via POST.
>
>    The other major feature (at least to me) is the full (POST
>    included) audit log.


Thanks I've been searching for this for awhile. I know I'll be using this :)
I know it isn't just you a few people I've spoken with have been searching for full POST
data logging without needing to write their own mod.


>    And (I am trying really hard now :), it can also filter
>    individual parameters. For example, if you have something
>    like:
>
>    script.php?title=value1&content=value2
>
>    with a rule
>
>    SecFilterSelective ARGS|!ARG_content "<( |\n)+>"
>
>    You can allow HTML to come through variable "content" but
>    not through "title".


That is VERY nice :)


- zeno () cgisecurity com