mod_security (was: latest vulnerabilities...)
Chris Snyder
chris at psydeshow.org
Tue Jun 10 09:50:52 EDT 2003
Is anybody on the list using mod_security? Thoughts? Performance?
http://www.modsecurity.org
It allows you to filter get and post requests before they are handed off
to scripts. I wonder if it will do cookies as well?
It looks like an excellent way to add an extra layer of security to
anything that's being run via Apache. In the latest version you can
apparently chroot the environment in which scripts are run:
http://www.modsecurity.org/documentation/apache-internal-chroot.html
chris.
More information about the talk
mailing list