[TYPO3-project-waf] More restrictive rulesets
Lars Erik Dangvard Jensen
lars at dcmediahosting.com
Tue Oct 21 23:13:29 CEST 2008
In article
<mailman.1.1223714663.11097.typo3-projects-waf at lists.netfielders.de>,
Ben Wardle <info-nospam at netefficiency.co.uk> wrote:
> Hi list,
>
> I heard about this project at yesterday's security talk at T3CON8, and
> thought I'd say hello.
>
> We use a much more restrictive mod_security default ruleset for our servers,
> based on a combination of rules from Mod Security and
> http://www.gotroot.com/ These rules also deal with a number of issues
> relating to spam, and some image bandwidth theft.
>
> We then use a very narrowly defined set of exceptions to allow as little as
> possible through (the essentials). If anyone else is interested in this
> approach, I'd be happy to share some advice and ideas.
>
> After using this system for a few months we're looking at additional steps
> such as adding certain IPs to our firewall drop rules when certain attacks
> are detected.
>
> All the best from sunny Berlin,
>
> Ben.
Hello Ben,
I completely understand why you are using a more restrictive rule set.
The goal for TYPO3 WAF is not to maintain a big set of custom rules
containing banned IPs etc., but rather a rule set _for_ TYPO3.
"Our goals with TYPO3 WAF: to create a minimal (server performance wise)
rule set for TYPO3 and extensions which addresses very generic methods of
attacking and TYPO3/extension security holes."
See http://docs.google.com/View?docid=dfmxfb6f_4gs6fm4 for more
information.
Of course if you have some rules that address specific TYPO3
vulnerabilities you are welcome to share, in fact that's the point of
the whole TYPO3 WAF project :)
I should note that the current rule set is outdated, I will update this
soon, so we have a base for a new rule set. Then it's time to begin to
look at current security issues and create TYPO3 oriented rules...
And we really need more people to test, contribute and stay on this
list, so you're welcome to stay :)
Lars