RE: Tool like IISLockdown or URLScan

From: Dawes, Rogan (ZA - Johannesburg) <rdawes(at)deloitte.co.za>
Date: Tue Jul 01 2003 - 11:55:05 EDT

Try mod_security

>From Ivan Ristic's email to this list on the 30th May :

Mod_security 1.5 has been released. It is immediately available for download from:

    http://www.modsecurity.org/download/

This is a major release, containing significant new functionality. The most important changes are: Apache 2.x compatibility, new web site, and comprehensive manual.

About mod_security

---

Mod_security is an Apache module whose purpose is to protect vulnerable applications and reject human or automated attacks. It is an open source intrusion detection and prevention system for Apache. In addition to request filtering, it also creates Web application audit logs. Requests are filtered using regular expressions. Some of the things possible are:

• Apply filters against any part of the request (URI, headers, either GET or POST)
• Apply filters against individual parameters
• Reject SQL injection attacks
• Reject Cross site scripting attacks

With few general rules mod_security can protect from both known and unknown vulnerabilities.

Changes (v1.5)

---

• Apache 2.x compatibility
• Added SecFilterInheritance
• Added SecFilterByteRange
• Added SecFilterCheckURLEncoding
• A few bug fixes
• New web site @ www.modsecurity.org
• Comprehensive manual

> -----Original Message-----

Important Notice: This email is subject to important restrictions, qualifications and disclaimers ("the Disclaimer") that must be accessed and read by clicking here or by copying and pasting the following address into your Internet browser's address bar: http://www.Deloitte.co.za/Disc.htm. The Disclaimer is deemed to form part of the content of this email in terms of Section 11 of the Electronic Communications and Transactions Act, 25 of 2002. If you cannot access the Disclaimer, please obtain a copy thereof from us by sending an email to ClientServiceCentre(at)Deloitte.co.za. Received on Tue Jul 1 13:33:29 2003