  1. #1

    Is mod_security worth it?

    Hello,

    I've installed mod_security but had to turn most of the secfilters off, because when they are on, simple things like forums don't even work without getting 500's.

    I'm just wondering, is mod_security really worth having as overhead on Apache if most of the secfilters aren't on? Does mod_security still filter bad requests even without having secfilter tags for specific things?

    Thanks,
    Dan

  2. #2
    Greetings Dan:

    We've found that if you have the time and the experience going through log files, the proper setup of mod_security can be worthwhile.

    Thank you.
    ---
    Peter M. Abraham

  3. #3
    OK, thank you, but let's say I have these rules enabled:

    SecFilterCheckURLEncoding On
    SecFilterForceByteRange 1 255
    SecAuditEngine RelevantOnly
    SecFilterScanPOST On

    # Protecting from XSS attacks through the PHP session cookie
    SecFilterSelective ARG_PHPSESSID "!^[0-9a-z]*$"
    SecFilterSelective COOKIE_PHPSESSID "!^[0-9a-z]*$"

    SecFilter /bin/cc
    SecFilter /bin/gcc
    SecFilter /usr/bin/wget

    ------------

    So my question is, will mod_security only filter what I have in the rules above, or does it provide additional security that isn't based on rules (i.e., defaults in the program)?

    With the rules I have above, is having mod_security installed worth the overhead on Apache?
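
An added illustration, not part of the thread and not mod_security's own code: a simplified Python model of what the rule set posted in #3 checks by itself, run over constructed requests. It also shows a forum post being rejected only because its text mentions /usr/bin/wget. The function name `evaluate`, the matching details and the sample requests are assumptions made for this example.

```python
import re
from urllib.parse import parse_qs, unquote_to_bytes

# Simplified model of the rules posted above (an approximation for
# illustration; it does not reproduce mod_security's own normalization).
KEYWORD_FILTERS = ["/bin/cc", "/bin/gcc", "/usr/bin/wget"]  # SecFilter lines
SESSION_ID_OK = re.compile(r"^[0-9a-z]*$")      # the rule's "!" negates this
BAD_ESCAPE = re.compile(r"%(?![0-9A-Fa-f]{2})")  # SecFilterCheckURLEncoding
BYTE_MIN, BYTE_MAX = 1, 255                      # SecFilterForceByteRange


def evaluate(uri, body="", cookies=None):
    """Return the name of the first rule that fires, or None if allowed."""
    scanned = [uri, body]  # SecFilterScanPOST On: the body is scanned too
    for part in scanned:
        if BAD_ESCAPE.search(part):
            return "SecFilterCheckURLEncoding"
    for part in scanned:
        if any(not BYTE_MIN <= b <= BYTE_MAX for b in unquote_to_bytes(part)):
            return "SecFilterForceByteRange"
    query = uri.partition("?")[2]
    args = parse_qs("&".join([query, body]), keep_blank_values=True)
    for value in args.get("PHPSESSID", []):
        if not SESSION_ID_OK.search(value):
            return "SecFilterSelective ARG_PHPSESSID"
    cookie = (cookies or {}).get("PHPSESSID")
    if cookie is not None and not SESSION_ID_OK.search(cookie):
        return "SecFilterSelective COOKIE_PHPSESSID"
    for part in scanned:
        text = unquote_to_bytes(part).decode("latin-1")
        for keyword in KEYWORD_FILTERS:
            if keyword in text:
                return "SecFilter " + keyword
    return None


# Constructed sample requests: (uri, POST body, cookies)
SAMPLES = [
    ("/forum/index.php?PHPSESSID=9f2c4e", "", {}),
    ("/forum/index.php?PHPSESSID=abc-123", "", {}),
    ("/forum/post.php", "message=run+%2Fusr%2Fbin%2Fwget+to+fetch", {}),
    ("/forum/search.php?q=100%", "", {}),
    ("/forum/post.php", "message=hi", {"PHPSESSID": "abc 123"}),
]

if __name__ == "__main__":
    for uri, body, cookies in SAMPLES:
        print(uri, "->", evaluate(uri, body, cookies) or "allowed")
```

Replaying the requests that returned 500 through a model like this, alongside the audit log, helps identify which single rule to adjust instead of switching most filters off.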

  4. #4
    Greetings:

    1. Read the manual at http://www.modsecurity.org/documenta...nual-1.7.4.pdf to find out what mod_security does and does not filter.

    2. We find the overhead is not even noticeable on the servers we manage (approximately 50).

    Thank you.
    ---
    Peter M. Abraham
