Comments (2)
zimmerle
commented on June 18, 2024
Hi @CanadianJeff,
The integration of an application-layer-firewall (e.i. ModSecurity) within a network-layer-firewall is something possible and seems like suit your specific use case that you have presented. There are, however, some things that should be tackled very carefully; one of those is the privilege separation.
In order to achieve such an objective, I recommend the utilization of SecRuleScript or exec action. Those could be used to trigger an external resource on your server. Could be used, for example, to manipulate a temporary database within the IP addresses that should be blocked in the network layer. This database could be consulted by an external process that will manipulate the iptables rules accordingly.
from modsecurity-apache.
CanadianJeff
commented on June 18, 2024
I would kinda like to revisit this?
from modsecurity-apache.
Related Issues (20)
- Unable to compile on Ubuntu 18.04.4 HOT 2
- --prefix and DESTDIR ignored by make install HOT 1
- cannot use SecRule "Invalid command 'SecRlue'" HOT 7
- ModSecurity SecRequestBodyAccess Off still process the POST request
- Configurations style? HOT 4
- Clarification of “external file” comment HOT 2
- Clarification of “What is not yet supported” comment HOT 1
- What does "ModSecurity-apache is unstable" mean, exactly? HOT 2
- The modsecurity-apache v2.9 rule chain always appears #conforms
- Under mod_ruid2 ot mod_mpm_itk SecAuditLog is only being logged to when request is to an IP (or localhost)
- Future plans? HOT 5
- Apache connector 3.0 not factoring in RemoteIPHeader like mod_security2 HOT 2
- apache graceful restart + Apache connector + rules = memory leak HOT 3
- modsec3 module not loaded for Linux 7.2 os version
- Unable to disable module once loaded HOT 3
- Segmentation Fault in modsecurity_log_cb (Security) HOT 1
- v3.0.5 of ModSecurity breaks apache connector
- How to use OWASP CRS? HOT 1
- Plans for production readyness? HOT 1
- Is it possible to change the SecAuditLogStorageDir variable so that the logs are sorted by vhost? HOT 5
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from modsecurity-apache.