Ivan Ristic | 4 Apr 17:08

Re: Rules database

Tom Anderson wrote:
>
>>   It never took off. At the last minute I decided a repository
>>   of rules that worked only in mod_security was not the best
>>   way forward. Instead, I designed the portable web application
>>   firewall rule format http://www.modsecurity.org/projects/wasprotect/.
> 
> OMG, that looks horrible!

   :)

   It will look even worse when a layer of meta-data is added to it.

> Please don't make that the only accepted 
> format.

   ModSecurity will support both formats in version 2, so don't
   worry.

> Human readability is key.

   I agree.

> XML is good for sharing rules between systems, but not for human 
> maintained configs.

   Again, I agree. The new XML-based format was designed just for
   that purpose (sharing between systems), hence the added
   complexity.

Re: Rules database

Ivan Ristic wrote:
>   ModSecurity will support both formats in version 2, so don't
>   worry.

[...]

>   Again, I agree. The new XML-based format was designed just for
>   that purpose (sharing between systems), hence the added
>   complexity.

Then perhaps you'd not need to include support for ModSecurity. A simple
conversion tool (ensuring you can translate modsecurity format <-> XML
format) would suffice...

Regards,
-Román

Ivan Ristic | 4 Apr 17:38

Re: Rules database

Roman Medina-Heigl Hernandez wrote:
> Ivan Ristic wrote:
> 
>>  ModSecurity will support both formats in version 2, so don't
>>  worry.
> 
> 
> [...]
> 
> 
>>  Again, I agree. The new XML-based format was designed just for
>>  that purpose (sharing between systems), hence the added
>>  complexity.
> 
> 
> Then perhaps you'd not need to include support for ModSecurity. A simple
> conversion tool (ensuring you can translate modsecurity format <-> XML
> format) would suffice...

   Perhaps. Right now the XML format can do a few things ModSecurity
   native cannot but I can probably rectify that in 2.0.

-- 
Ivan Ristic
Apache Security (O'Reilly) - http://www.apachesecurity.net
Open source web application firewall - http://www.modsecurity.org
