Tuesday, 28 March 2006

A free mod_security replacement?

Once upon a time I was interested in writing something to filter, sanitize, and otherwise protect incoming Apache requests.

Then I learnt that it already existed, and was called mod_security.

(Initially I was surprised it was written as an Apache module, rather than a proxy, but I think it makes sense to code it that way now.)

Now I learn the license makes it non-Debian-friendly.

So I (we?) need a free replacement.

Writing the engine is almost trivial. The value comes from the rules (which should ideally be separate a la snort – but freely redistributable), and to a lesser extent the simplicity of the rule-writing process / flexibility of the rule-engine.

My time is tight, but it is a genuinely interesting area to me.

Wanna play?

