Re: [fw-wiz] preventing XSS and SQL injection?
From: ArkanoiD (ark_at_eltex.net)
To: "J. Oquendo" <email@example.com>
Date: Fri, 3 Jun 2005 00:02:31 +0400
Again, it is a reasonable approach when protecting a server, but does not work
at all when protecting a client. At least the ruleset you refer to.
On Thu, Jun 02, 2005 at 04:01:22PM -0400, J. Oquendo wrote:
> On Thu, 2 Jun 2005, ArkanoiD wrote:
> > because it is too hard to convert history to a formal description. doing it
> > not smart enough will lead to the necessity of adding new patterns daily or
> > even hourly ;-)
> Too hard? Nonsense. If you say you have an assessment of normal patterns,
> a two week interval would show you enough you would need to go by to get
> some form of template going. Adding the remaining anomalies would be
> child's play. New patterns daily or even hourly? My guess is you would
> want to be more specific in your question. Is this web traffic only, does
> it include say VOIP traffic, messenger(s) traffic, DHCP traffic, tunnels.
> For httpd based injection I use mod_security, and I also use
> mod_dosevasive which work just fine. Need a sample mod_security conf you
> could see all the nifty little annoying rules I added to this machine:
> Good luck, there are a crapload. And you're on your own viewing redirected
> URLs... (You've been warned).
> mod_security for httpd works wonders. As for the firewall level, IDS
> level, I'm sure if you took the time you could get it working by taking a
> snapshot. Anything else sounds like an excuse to avoid going the obvious
> J. Oquendo
> GPG Key ID 0x97B43D89
> To conquer the enemy without resorting to war is the most
> desirable. The highest form of generalship is to conquer
> the enemy by strategy." - Sun Tzu
firewall-wizards mailing list