[TYPO3-waf] [TYPO3-project-waf] WAF project: brainstorming
Dmitry Dulepov
dmitry.dulepov+t3ml at gmail.com
Tue Feb 2 14:45:15 CET 2010
Hi!
On 2010-02-02 11:29:28 +0200, Steffen Müller said:
> What about a whitelist?
> I worked with firewalls some years ago and we used to
> configure the port filters by explicitly ALLOWing some rules and DENYing the
> rest. That was possible because we knew all ports which had to be open.
> Since a TYPO3 administrator should know all GET/POST params of his
> website (and the according types), filtering on a whitelist basis
> should be possible.
>
> Would this be a reasonable scenario for WAF? What do you think?
An idea was to set up a set of rules that anybody can download and use. So
we cannot ~make~ a whitelist because there are nearly 4000 extensions
in TER and every company has its own. But we definitely should
~explain~ how to make whitelists!
Great idea, I think! Thanks!
--
Dmitry Dulepov
TYPO3 expert / TYPO3 core team member / TYPO3 security team member
Read more @ http://dmitry-dulepov.com/
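
The per-site whitelist discussed in this thread, as an added sketch that is not part of the original messages or of the TYPO3 WAF project: each known GET/POST parameter is mapped to a type pattern and everything else is denied. The allowlist contents are constructed for illustration, and `tx_myext_pi1` is a hypothetical extension namespace.

```python
import re
from urllib.parse import parse_qsl

# Constructed allowlist: parameter name -> pattern the whole value must match.
# "id", "type" and "L" are TYPO3 core parameters; tx_myext_pi1[...] is a
# hypothetical extension namespace standing in for a site's own extensions.
ALLOWLIST = {
    "id": re.compile(r"[0-9]{1,10}"),
    "type": re.compile(r"[0-9]{1,5}"),
    "L": re.compile(r"[0-9]{1,3}"),
    "tx_myext_pi1[uid]": re.compile(r"[0-9]{1,10}"),
    "tx_myext_pi1[action]": re.compile(r"(?:list|show)"),
}


def check_request(query_string, body=""):
    """Return (allowed, reasons). Default-deny: unlisted names are rejected."""
    reasons = []
    seen = set()
    for source, raw in (("GET", query_string), ("POST", body)):
        # keep_blank_values so "id=" is inspected instead of silently dropped;
        # parse_qsl also percent-decodes, so %5B/%5D match the bracketed names.
        for name, value in parse_qsl(raw, keep_blank_values=True):
            rule = ALLOWLIST.get(name)
            if rule is None:
                reasons.append(f"{source} {name}: not on allowlist")
            elif (source, name) in seen:
                # A repeated name can be read differently by filter and app.
                reasons.append(f"{source} {name}: repeated parameter")
            elif not rule.fullmatch(value):
                reasons.append(f"{source} {name}: value fails type check")
            seen.add((source, name))
    return (not reasons, reasons)


if __name__ == "__main__":
    # Constructed sample requests.
    for qs in ("id=12&L=1", "id=12&debug=1", "id=12%20OR%201=1"):
        print(qs, "->", check_request(qs))
```
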