John Li | 25 May 20:54 2010

Are PHP-IDS rules only for php applications?

Hi,


The php-ids rules from core rule set are giving me a lot of headache and I am wondering if I can just completely remove them since there is no PHP applications behind ModSecurity. 

Thanks a lot for your advice.
------------------------------------------------------------------------------

_______________________________________________
mod-security-users mailing list
mod-security-users <at> lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/mod-security-users
Commercial ModSecurity Appliances, Rule Sets and Support:
http://www.modsecurity.org/breach/index.html
Ryan Barnett | 25 May 23:34 2010

Re: Are PHP-IDS rules only for php applications?

On Tuesday 25 May 2010 14:54:41 John Li wrote:
> Hi,
> 
> The php-ids rules from core rule set are giving me a lot of headache and I
> am wondering if I can just completely remove them since there is no PHP
> applications behind ModSecurity.
> 
> Thanks a lot for your advice.
> 
The phpids filters are created by converting the default_filters.xml file from the phpids 
site - https://svn.php-ids.org/svn/trunk/lib/IDS/default_filter.xml 

The attacks that are detected in this file are not php-specific and are relevant to all web 
platforms.  The XSS and SQLi rules in the phpids filters provide increased protections vs 
what we had in the CRS.

-Ryan

> --
> John Jun Li
> jli <at> jlisbz.com<mailto:jli <at> jlisbz.com>
> 
> My Blog: http://www.jlisbz.com
> My LinkedIn Profile: http://www.linkedin.com/in/johnjunli

------------------------------------------------------------------------------

_______________________________________________
mod-security-users mailing list
mod-security-users <at> lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/mod-security-users
Commercial ModSecurity Appliances, Rule Sets and Support:
http://www.modsecurity.org/breach/index.html


Gmane