You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@httpd.apache.org by "Rose, John B" <jb...@utk.edu> on 2015/03/16 19:06:12 UTC
[users@httpd] mod_security and ironbee questions
1. Can anyone suggest a good base set of rules to utilize within mod_security?
2. While looking around for info on mod_security we came across some mentions of ironbee. Can someone give a comparison of the two?
3. What would you recommend to use? mod_security? Ironbee? Something else? Mixture?
Thanks
Re: [users@httpd] mod_security and ironbee questions
Posted by Nick Kew <ni...@webthing.com>.
On Mon, 2015-03-16 at 18:06 +0000, Rose, John B wrote:
> 1. Can anyone suggest a good base set of rules to utilize within
> mod_security?
Depends entirely on what you're looking to protect. Did you
look at mod_security's core ruleset as a startingpoint?
> 2. While looking around for info on mod_security we came across some
> mentions of ironbee. Can someone give a comparison of the two?
mod_security came first, and made Ivan's name. Having learned from
the experience, he and Brian then moved on to create Ironbee,
which is a much more general-purpose framework. I'm not sure
how much active development mod_security gets since its original
team moved on. The respective web sites will tell you more.
> 3. What would you recommend to use? mod_security? Ironbee? Something
> else? Mixture?
Neither - until you're clear about what goal you're seeking
to accomplish with a WAF.
Disclosure: I work on Ironbee, but I don't represent or speak for it.
--
Nick Kew
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org