Hi guys,
I've planning out my upgrade to CentOS4 and one of my plans for security is to impliment the mod_security apache module to filter out unwanted malicious intent.
Not having used it before, I wanted to see if anyone here has implimented it and did it block any legit traffic or cause resource traffic/serious slowdowns of their systems?
I've asked on the forum about secure virtual hosting and have considered many options but what I have decided on is a combination of vsftp/TLS to chroot users and mod_security to reduce the risk of outside intrusion attempts via HTTP.
Is mod_security available as a package on CentOS4/RHEL4 ? I found packages for 3 but thus far none for 4.
many thanks
rgds
Franki
i'm also interested with mod_security too anyone implemented this in centos 4?
On 4/15/05, Franki franki@htmlfixit.com wrote:
Hi guys,
I've planning out my upgrade to CentOS4 and one of my plans for security is to impliment the mod_security apache module to filter out unwanted malicious intent.
Not having used it before, I wanted to see if anyone here has implimented it and did it block any legit traffic or cause resource traffic/serious slowdowns of their systems?
I've asked on the forum about secure virtual hosting and have considered many options but what I have decided on is a combination of vsftp/TLS to chroot users and mod_security to reduce the risk of outside intrusion attempts via HTTP.
Is mod_security available as a package on CentOS4/RHEL4 ? I found packages for 3 but thus far none for 4.
many thanks
rgds
Franki _______________________________________________ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Hi,
i'm also interested with mod_security too anyone implemented this
in centos 4?
Yes. Get the source from modsecurity.com and follow the install instructions. You will not need a package as installing is so simple.
It is as easy as one command: apxs -cia mod_security.c
This will install in the apache modules directory. Then all you need to to add the configuration file.
It's all in the install docs.
Mod_security rocks!
Cheers, Rudi.
Mark Quitoriano wrote:
i'm also interested with mod_security too anyone implemented this in centos 4?
On 4/15/05, Franki franki@htmlfixit.com wrote:
Hi guys,
I've planning out my upgrade to CentOS4 and one of my plans for security is to impliment the mod_security apache module to filter out unwanted malicious intent.
Not having used it before, I wanted to see if anyone here has implimented it and did it block any legit traffic or cause resource traffic/serious slowdowns of their systems?
I've asked on the forum about secure virtual hosting and have considered many options but what I have decided on is a combination of vsftp/TLS to chroot users and mod_security to reduce the risk of outside intrusion attempts via HTTP.
Is mod_security available as a package on CentOS4/RHEL4 ? I found packages for 3 but thus far none for 4.
many thanks
rgds
Franki _______________________________________________ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
what's apxs? i don't have such command
On 5/19/05, Rudi Starcevic tech@wildcash.com wrote:
Hi,
i'm also interested with mod_security too anyone implemented this
in centos 4?
Yes. Get the source from modsecurity.com and follow the install instructions. You will not need a package as installing is so simple.
It is as easy as one command: apxs -cia mod_security.c
This will install in the apache modules directory. Then all you need to to add the configuration file.
It's all in the install docs.
Mod_security rocks!
Cheers, Rudi.
Mark Quitoriano wrote:
i'm also interested with mod_security too anyone implemented this in centos 4?
On 4/15/05, Franki franki@htmlfixit.com wrote:
Hi guys,
I've planning out my upgrade to CentOS4 and one of my plans for security is to impliment the mod_security apache module to filter out unwanted malicious intent.
Not having used it before, I wanted to see if anyone here has implimented it and did it block any legit traffic or cause resource traffic/serious slowdowns of their systems?
I've asked on the forum about secure virtual hosting and have considered many options but what I have decided on is a combination of vsftp/TLS to chroot users and mod_security to reduce the risk of outside intrusion attempts via HTTP.
Is mod_security available as a package on CentOS4/RHEL4 ? I found packages for 3 but thus far none for 4.
many thanks
rgds
Franki _______________________________________________ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
ok got it i need the httpd-devel for that :)
On 5/19/05, Mark Quitoriano markquitoriano@gmail.com wrote:
what's apxs? i don't have such command
On 5/19/05, Rudi Starcevic tech@wildcash.com wrote:
Hi,
i'm also interested with mod_security too anyone implemented this
in centos 4?
Yes. Get the source from modsecurity.com and follow the install instructions. You will not need a package as installing is so simple.
It is as easy as one command: apxs -cia mod_security.c
This will install in the apache modules directory. Then all you need to to add the configuration file.
It's all in the install docs.
Mod_security rocks!
Cheers, Rudi.
Mark Quitoriano wrote:
i'm also interested with mod_security too anyone implemented this in centos 4?
On 4/15/05, Franki franki@htmlfixit.com wrote:
Hi guys,
I've planning out my upgrade to CentOS4 and one of my plans for security is to impliment the mod_security apache module to filter out unwanted malicious intent.
Not having used it before, I wanted to see if anyone here has implimented it and did it block any legit traffic or cause resource traffic/serious slowdowns of their systems?
I've asked on the forum about secure virtual hosting and have considered many options but what I have decided on is a combination of vsftp/TLS to chroot users and mod_security to reduce the risk of outside intrusion attempts via HTTP.
Is mod_security available as a package on CentOS4/RHEL4 ? I found packages for 3 but thus far none for 4.
many thanks
rgds
Franki _______________________________________________ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
-- Regards, Mark Quitoriano, CCNA http://www.atamanetworks.com