homepage Welcome to WebmasterWorld Guest from 54.204.77.26
register, free tools, login, search, subscribe, help, library, announcements, recent posts, open posts,
Subscribe to WebmasterWorld

Home / Forums Index / Code, Content, and Presentation / Apache Web Server
Forum Library, Charter, Moderators: Ocean10000 & incrediBILL & phranque

Apache Web Server Forum

    
Anyone using mod_security?
javahava




msg:1523681
 7:26 pm on Mar 14, 2006 (gmt 0)

Would folks here generally recommend for or against mod_security given the likely increased server load?

 

uncle_bob




msg:1523682
 11:20 pm on Mar 14, 2006 (gmt 0)

I run mod_security on all my sites, and I can't say I've noticed any significant increase in server load. I certainly feel happier running it than not. A small server with apache2 & mod_security even survived a recent "digg-ing" so I don't think you need to worry too much about its performance.

javahava




msg:1523683
 12:44 am on Mar 15, 2006 (gmt 0)


Thanks for the reply. Have just installed mod_security for apache 1.x, but compiled against PCRE (to avoid speed issues mentioned when installing against apache 1.x). Also hard to tell if it's creating any increased server load. Am currenly running just these rule sets:

[gotroot.com...]

[gotroot.com...]

Are you running any other rule sets or a customized rule set?

uncle_bob




msg:1523684
 9:58 am on Mar 15, 2006 (gmt 0)

We use a custom ruleset, designed mainly to check valid encodings and byte ranges as to hopefuly prevent buffer-overflows and requests containing shellcode.

Global Options:
 top home search open messages active posts  
 

Home / Forums Index / Code, Content, and Presentation / Apache Web Server
rss feed

All trademarks and copyrights held by respective owners. Member comments are owned by the poster.
Home ¦ Free Tools ¦ Terms of Service ¦ Privacy Policy ¦ Report Problem ¦ About ¦ Library ¦ Newsletter
WebmasterWorld is a Developer Shed Community owned by Jim Boykin.
© Webmaster World 1996-2014 all rights reserved