hi everyone.

i'm searching about mod_security rules for a quite long time now. i've seen owasp rules at linode library and been told about gotroot(atomicorp) rules on a community. i've tried both but i've experienced too many problems(too many false positives) and i am still not sure if those can really protect me?

anybody there who can give some advice with this?

thanks!

We had have a nightmare with mod_sec on one of our site (not linode). What we learnt is it is always a good practice to apply the default rules and go for trial and error.

If you get false positives for certain rules comment them out on .htaccess

And oh - sometimes people find some rules on various security blogs and apply them without thinking twice. My opinion is stick to the mod_sec site unless you are a security ninja.

_________________
Ubuntu 10.4 LTS, Apache2, LAMP, n00b

Online Shopping

And what exactly are you trying to protect?

Amazing how much time and effort people spend trying to lock down the latest dancing hamster site.

If you have real security needs, then why are you trying to do it yourself? Hire a security consultant that backs up their work with a a known track record and liability insurance.

If it's not worth hiring a security consultant, then most likely it's not worth wasting any time on what so ever in trying to lock it down yourslef. There's always a few hackers that are several steps a head of your game.

Instead, spend the time on BACKING IT UP and MONITORING IT. Then if you ever do get hacked, just wipe it clean and start fresh and you're done. Except this time, patch whatever loophole the hacker came thru.

_________________
Either provide enough details for people to help, or sit back and listen to the crickets chirp.
Security thru obscurity is a myth - and really really annoying.