howard chen | 3 Jul 16:19

Architecture

Hi,

Can anyone share the setup of mod_security in your applications?

Currently we have,

User <==> LVS (x2) <==> Squid (x3) <==> Apache/ PHP (x6) <==> MySQL

We are considering:

1. Install one dedicated after Squid for centralized filtering, but
this is a single point of failure and might be the bottleneck.
2. Install mod_sec at each Apache

What do you think?

Thanks.

christian.folini | 3 Jul 16:30

Re: Architecture

Hey Howard,

Are you using Squid for caching? Otherwise I would replace the Squid.

You can mount ModSecurity on the existing Apache servers or put it
in front. I'd stick with 3 Apache/ModSecurity services behind the squid.
It can be on the same box though.

Centralized filtering is fun. But if you have decent means of rolling out
the same rules to all instances and centralizing the logs in real time 
(ModS Console), you are on the right path.

Others may have better things to say...

Regs,

Christian

-----Original Message-----
From: mod-security-users-bounces <at> lists.sourceforge.net
[mailto:mod-security-users-bounces <at> lists.sourceforge.net] On Behalf Of howard chen
Sent: Thursday, 3 July 2008 16:21
To: mod-security-users <at> lists.sourceforge.net
Subject: [mod-security-users] Architecture


howard chen | 3 Jul 16:35

Re: Architecture

Hi

On Thu, Jul 3, 2008 at 10:30 PM,  <christian.folini <at> post.ch> wrote:
> Hey Howard,
>
> Are you using Squid for caching? Otherwise I would replace the Squid.
>

Yes, Squid is very important to reduce workload from our Apache since
user resources are stored in backend NFS (not shown in above diagram),
which is damn slow...

> You can mount ModSecurity on the existing Apache servers or put it
> in front. I'd stick with 3 Apache/ModSecurity services behind the squid.
> It can be on the same box though.
>

Yes, I am also thinking of installing a mod_sec Apache at each Squid,
since Squid is not CPU intensive, which might be a good choice...

Thanks.
