Welcome to WebmasterWorld Guest from 54.167.110.211

Forum Moderators: Ocean10000 & incrediBILL & phranque

Message Too Old, No Replies

Anyone using mod_security?

     
7:26 pm on Mar 14, 2006 (gmt 0)

Junior Member

10+ Year Member

joined:June 15, 2003
posts:185
votes: 0


Would folks here generally recommend for or against mod_security given the likely increased server load?
11:20 pm on Mar 14, 2006 (gmt 0)

Full Member

10+ Year Member

joined:Dec 11, 2003
posts:241
votes: 0


I run mod_security on all my sites, and I can't say I've noticed any significant increase in server load. I certainly feel happier running it than not. A small server with apache2 & mod_security even survived a recent "digg-ing" so I don't think you need to worry too much about its performance.
12:44 am on Mar 15, 2006 (gmt 0)

Junior Member

10+ Year Member

joined:June 15, 2003
posts:185
votes: 0



Thanks for the reply. Have just installed mod_security for apache 1.x, but compiled against PCRE (to avoid speed issues mentioned when installing against apache 1.x). Also hard to tell if it's creating any increased server load. Am currenly running just these rule sets:

[gotroot.com...]

[gotroot.com...]

Are you running any other rule sets or a customized rule set?

9:58 am on Mar 15, 2006 (gmt 0)

Full Member

10+ Year Member

joined:Dec 11, 2003
posts:241
votes: 0


We use a custom ruleset, designed mainly to check valid encodings and byte ranges as to hopefuly prevent buffer-overflows and requests containing shellcode.
 

Join The Conversation

Moderators and Top Contributors

Hot Threads This Week

Featured Threads

Free SEO Tools

Hire Expert Members