[TYPO3-project-waf] More restrictive rulesets

Lars Erik Dangvard Jensen lars at dcmediahosting.com
Tue Oct 21 23:13:29 CEST 2008


In article 
<mailman.1.1223714663.11097.typo3-projects-waf at lists.netfielders.de>,
 Ben Wardle <info-nospam at netefficiency.co.uk> wrote:

> Hi list,
> 
> I heard about this project at yesterday's security talk at T3CON8, and
> thought I'd say hello.
> 
> We use a much more restrictive mod_security default ruleset for our servers,
> based on a combination of rules from Mod Security and
> http://www.gotroot.com/ These rules also deal with a number of issues
> relating to spam, and some image bandwidth theft.
> 
> We then use a very narrowly defined set of exceptions to allow as little as
> possible through (the essentials). If anyone else is interested in this
> approach, I'd be happy to share some advice and ideas.
> 
> After using this system for a few months we're looking at additional steps
> such as adding certain IPs to our firewall drop rules when certain attacks
> are detected.
> 
> All the best from sunny Berlin,
> 
> Ben.

Hello Ben

I completely understand why you are using a more restrictive rule set. 
The goal for TYPO3 WAF is not to maintain a big set of custom rules 
containing banned IPs etc., but rather a rule set _for_ TYPO3.

"Our goals with TYPO3 WAF. To create a minimal (server performance wise) 
rule set for TYPO3 and extensions which address very generic methods of 
attacking and TYPO3/extension security holes."

See http://docs.google.com/View?docid=dfmxfb6f_4gs6fm4 for more 
information.

Of course if you have some rules that address specific TYPO3 
vulnerabilities you are welcome to share, in fact that's the point of 
the whole TYPO3 WAF project :)

I should note that the current rule set is outdated; I will update this 
soon, so we have a base for a new rule set. Then it's time to begin to 
look at current security issues and create TYPO3 oriented rules...

And we really need more people to test, contribute and stay on this 
list, so you're welcome to stay :)

Lars
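As an added illustration of the two ideas in this exchange (Ben's "restrictive default, narrowly defined exceptions" approach and the per-IP counting that could later feed firewall drop rules), here is a ModSecurity 2.x fragment. It is example configuration written for this page, not a rule set from the TYPO3 WAF project or from Ben's servers; the rule ids, the /typo3/ext/example_ext/ path, the hypothetical parameter that legitimately carries a URL, and the threshold of 5 are all placeholders.

```apache
# Added example (not project or list code): restrictive default, narrow exception,
# and a per-client attack counter in ModSecurity 2.x syntax.
SecRuleEngine On

# Every rule that does not say otherwise logs and denies in phase 2 (request body).
SecDefaultAction "phase:2,log,deny,status:403"

# Open the persistent IP collection for this client so rules below can count hits.
SecAction "phase:1,id:900000,nolog,pass,initcol:ip=%{REMOTE_ADDR}"

# Generic rule: refuse any request argument carrying a path-traversal sequence.
# Each hit increments ip.attacks; the counter expires an hour after the last update.
SecRule ARGS "@contains ../" \
    "id:900001,phase:2,t:urlDecode,msg:'Path traversal in request argument',setvar:ip.attacks=+1,expirevar:ip.attacks=3600"

# Generic rule: refuse a full URL where a local value is expected (remote-include style input).
SecRule ARGS "@rx ^https?://" \
    "id:900002,phase:2,t:urlDecode,t:lowercase,msg:'Remote URL in request argument',setvar:ip.attacks=+1,expirevar:ip.attacks=3600"

# Narrow exception (hypothetical): one extension under /typo3/ext/example_ext/ takes a
# URL in a parameter by design, so rule 900002 is removed for that location only.
# Everything else on the site keeps the restrictive default.
<LocationMatch "^/typo3/ext/example_ext/">
    SecRuleRemoveById 900002
</LocationMatch>

# Per-client threshold: once more than 5 requests from this address have been blocked
# within the hour, deny all further requests from it in phase 1. This is the point where
# a firewall drop rule could be hooked in instead of (or in addition to) the HTTP 403.
SecRule IP:ATTACKS "@gt 5" \
    "id:900003,phase:1,log,deny,status:403,msg:'Client exceeded attack threshold'"
```

The counter lives in ModSecurity's persistent storage, so SecDataDir must point at a directory the web server can write for the ip collection to survive between requests.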
