
Thread: new on ModSecurity




new on ModSecurity
United States
2007-03-22 14:26:13

Greetings,

 

I’m planning to use ModSecurity for my environment. I understand that I have to install ModSecurity Apache on each of the Web Servers (20, 10 on each Data Center) and that I also need to install ModSecurity Console (at least 3 on each site). As far as the rules, the latest version of the Core Rules is bundled with ModSecurity 2.1.0. Now, how does it work if a new rule comes into place? Do we have to worry about that, or will it be distributed by ModSecurity?

 

Now you see my environment that I have … do you think the way that I’m doing it is the correct one?

 

Please advise

 

Thanks

 

Chris

Re: new on ModSecurity
United States
2007-03-22 17:57:06

Comments inline below.

 

--
Ryan C. Barnett
ModSecurity Community Manager

Breach Security: Director of Application Security Training
Web Application Security Consortium (WASC) Member
Author: Preventing Web Attacks with Apache

 

--------------

Web Security Threat Report Webinar on May 9, 2007 (12 pm EST)

Learn More About the Breach Webinar Series:

http://www.breach.com/webinars.asp

--------------

 


From: mod-security-users-bounceslists.sourceforge.net [mailto:mod-security-users-bounceslists.sourceforge.net] On Behalf Of Chris Montesdeoca
Sent: Thursday, March 22, 2007 3:26 PM
To: mod-security-userslists.sourceforge.net
Subject: [mod-security-users] new on ModSecurity

 

Greetings,

 

I’m planning to use ModSecurity for my environment. I understand that I have to install ModSecurity Apache on each of the Web Servers (20, 10 on each Data Center)

[Ryan Barnett] Are all 30 of your web servers currently running Apache 2.X? If so, then yes, you can install ModSecurity 2.1.0 onto each of the web servers. If some of the web servers are not Apache or if you would like to try and reduce the number of installations, you could consider running an Apache reverse proxy server to front-end these various other servers. You could then just install ModSecurity onto the reverse proxy server and protect all of the back-end systems.

 

<Vendor Pitch>If you like the reverse proxy idea but don’t have the time, resources, expertise to do it, then you might want to consider the commercial M1000 appliance - http://www.breach.com/products_m1000.asp. </Vendor Pitch>

 

and that I also need to install ModSecurity Console (at least 3 on each site).

[Ryan Barnett] If you install ModSecurity on all 30 servers and want to send the audit log/alerts to a Console, you would need to deploy 10 total Console servers (as there is a 3 Sensor limit on the open source version).  

 

<Another Vendor Pitch>Honestly, if you are going to have Mod running on that many servers, you might want to consider some of the commercial Breach offerings – specifically the upcoming ModSecurity Enterprise Manager which is a production quality central log host and would be able to handle all of these sensors.</Another Vendor Pitch>

 

As far as the rules, the latest version of the Core Rules is bundled with ModSecurity 2.1.0. Now, how does it work if a new rule comes into place? Do we have to worry about that, or will it be distributed by ModSecurity?

[Ryan Barnett] The Core Rules are now bundled with the ModSecurity software so you would need to download the entire archive. If/when there are updates to the Core Rules, Ofer will send out announcements to the mail-list so that you will know when to go and grab the latest/greatest.

 

Now you see my environment that I have … do you think the way that I’m doing it is the correct one?

[Ryan Barnett] Sorry for throwing in some vendor stuff here… I normally try to keep that to an absolute minimum; however, it seemed appropriate here. Let me know if you need any more assistance.

 

Please advise

 

Thanks

 

Chris
