New Apache Module For Web Intrusion Detection
ivan.ristic writes "Mod_security 1.7 has been released. Mod_security is an open source intrusion detection and prevention engine for web applications. It operates embedded into the web server, acting as a powerful umbrella - shielding applications from attacks. The latest release adds output scanning to Apache 2.x; the ability to analyze cookies; functionality to change the identity of the web server; several new actions for rule grouping; new null-byte attack anti-evasion code."
new null-byte attack anti-evasion code
Wait...wouldn't null-byte attack anti-evasion code be code that prevented evasion of null-byte attacks? Or should I go for that second cup of coffee and try parsing it again?
-- MarkusQ
I don't want to start a holy war here, but what is the deal with you Apache fanatics? I've been sitting here at my freelance gig in front of an Apache box (a P4 2.4 w/1024 Megs of RAM, on a Qwest OC3) for about 20 minutes now while it attempts to copy a 17 Meg file from one directory on the hard drive to another user. 20 minutes. At home, on my Pentium Pro 200 running NT 4/IIS 4 (On a dual T1, no less!), which by all standards should be a lot slower than this Apache box, the same operation would take about 2 minutes. If that.
In addition, during this file transfer, PHP will not work. And everything else has ground to a halt. Even mod_perl is straining to keep up as I type this.
I won't bore you with the laundry list of other problems that I've encountered while working on various Apache machines, but suffice it to say there have been many, not the least of which is I've never seen an Apache box that has run faster than its Windows counterpart, despite the Apache machine's faster chip architecture. My 486/66 cable modem router with 8 megs of ram runs faster than this 2400 mhz machine at times. From a productivity standpoint, I don't get how people can claim that Apache is a "superior" server.
Apache addicts, flame me if you'd like, but I'd rather hear some intelligent reasons why anyone would choose to use an Apache over other faster, cheaper, more stable httpd daemons.
OK, this is so much worse than the games section...
To try and pull the subject away from the usual trolls, this sounds like something I really need on my web server.
Has anyone tried it? Any success or failure stories?
D
YHL HAND
Would it be *that* much work to drop the apache and geeks in space sections and add a culture section (for movies, music, things to do on saturday night (that don't involve a computer), etc?
than snort? easier to setup?
Quod scripsi, scripsi.
-- The WIPO Avenger
The article's description of mod_security as a "powerful umbrella shielding applications from attacks" seems to oversell it. If you have a known app with a known exploit, you can use mod_security instead of fixing the app. But even the mod_security docs themselves say it's better to fix the app.
For apps which accept arbitrary text input (most do!) a general filter against, e.g. "insert into", is a bad idea? This slashdot post includes those two words together; you have to be specific about which inputs get filtered how. Again, this is better done in the app itself.
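The false-positive problem raised in the comment above, as an added example that is not part of the original thread and not mod_security's own code: a generic "insert into" pattern applied to every parameter is compared with a rule scoped to one parameter. The rule tables, parameter names, sample requests and the NUL-to-space normalization step are assumptions made for illustration.

```python
import re
from urllib.parse import unquote_plus

# Hypothetical rules written for this example (Python regexes, not mod_security syntax).
GENERIC_RULES = [re.compile(r"insert\s+into", re.I)]   # matched against every parameter
SELECTIVE_RULES = {"id": re.compile(r"[^0-9]")}        # "id" may contain digits only

def normalize(value):
    """URL-decode, then turn NUL bytes into spaces so %00 cannot split a keyword pair."""
    return unquote_plus(value).replace("\x00", " ")

def generic_filter(params, norm=True):
    """Names of parameters that any generic rule matches."""
    prep = normalize if norm else (lambda v: v)
    return sorted(n for n, v in params.items()
                  if any(r.search(prep(v)) for r in GENERIC_RULES))

def selective_filter(params, norm=True):
    """Names of parameters that violate the rule written for that parameter."""
    prep = normalize if norm else (lambda v: v)
    return sorted(n for n, v in params.items()
                  if n in SELECTIVE_RULES and SELECTIVE_RULES[n].search(prep(v)))

# Constructed sample requests; values are URL-encoded as they arrive on the wire.
COMMENT_POST = {"id": "42", "comment": "a+filter+against+insert+into+is+a+bad+idea"}
BAD_ID = {"id": "42%3B+insert%00into+users", "comment": "hello"}

if __name__ == "__main__":
    for name, req in (("COMMENT_POST", COMMENT_POST), ("BAD_ID", BAD_ID)):
        print(name, "generic:", generic_filter(req), "selective:", selective_filter(req),
              "generic without normalization:", generic_filter(req, norm=False))
```

The generic rule blocks the harmless comment, while the rule scoped to `id` leaves it alone and still rejects the malformed `id`; with normalization switched off, the generic rule also misses the NUL-separated value entirely.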
I had to browse the site to see what this does, this overview page was good.
It reminds me of URLScan for MS's IIS - but with extra features.
how is the parent a troll but the person who originally replied not offtopic?
no text
...you can of course spin up Apache on another box, preferably not the firewall, and set it up in proxy mode to forward the requests. Though this generates some SSL issues. Maybe you could even use mod_balance and have a security appliance / load balancer?
Of course Checkpoint already offer this functionality in FW-1 NG to a limited degree, and Netscreen are introducing it across their range as a free update (for those with a software subscription) in ScreenOS 5 later this year or early next.
"The Bat-sploits of the Masked Meddlers will rebound from my giant electronic umbrella!! Nyah, nyah!"
http://members.tripod.com/~AdamWest/peng.htm
Speaking as a bruised and bloody firewall administrator, implementing anything above layer-3 on a large firewall deployment is a bad idea. I am assuming by the use of Firewall-1 that this is a large deployment.
Many of the firewalls I have been involved with support 10-50 applications, or sometimes even more. When it comes time to do an upgrade I don't have time to properly investigate how the next version of firewall code might affect or be affected by features of each application. This is especially true when some or all of the applications use overly complex network models like Micro$oft is known to require.
Always push complexity to the edges of the network where it can be managed one app at a time.
Fools ignore complexity; pragmatists suffer it; experts avoid it; geniuses remove it.
A. Perlis
XML is the best data format; unless your data needs to be read or written by a human or a computer.
Or run Apache in chroot()ed environment. Or even better in a FreeBSD jail. Anyone done that? Experiences?
cpghost at Cordula's Web.
They just find a new bridge to hang out under. Looks like this one figured out how to use the search-and-replace feature.
(Score: -1, Stupid)
Tegatai Systems has been using mod_security in its development labs recently. It has been determined through white and blackbox testing that mod_security needs more work before it will be stable enough for wide-spread production use.
http://www.microsoft.com/technet/security/tools/urlscan.asp
Nice to see Apache adding this functionality. As a web admin, the availability of another layer of security is always appreciated.
I have recently written an article for SecurityFocus on how mod_security can be used as part of an Apache reverse proxy: Web Security Appliance With Apache and mod_security