[BlueOnyx:11961] Re: mod_sec

[Don Teague]

This brings up another question then. Is mod_security something we could
add to the system ourselves? Or would there be other dependencies that
mod_sec would need, which would mess up other stuff.

I'll spin up another virtual to test with any day of the week. However
if it's going to be a completely futile effort, I'd rather know ahead of
time.

-- 
Don Teague
donteague.com


Michael Stauber wrote:
> Hi Don,
> 
> Yeah, mod_security is a pretty neat Apache module. I thought of 
> including it in BlueOnyx in some form or another sometime down the
> road. But so far it's not used yet.
> 
> The tricky part with such security solutions is always this: What
> works well for one person might be too strict for the other, or too
> lax for someone else. So usually once mod_security is installed,
> you'd need to tweak it's settings to best match your environment and
> the kind of sites you run. But it's sure worth a deeper look.
>