Snort is an IDS and not a firewall. The current firewall is Netfilter, but it's used for intercepting and manipulating network packets (filtering).
On the other hand, ModSecurity is used for parsing the HTTP headers because most attacks come from the URL.
From the ModSecurity doc:
"ModSecurity is a web application firewall (WAF). With over 70% of attacks now carried out over the
web application level, organisations need all the help they can get in making their systems secure. WAFs
are deployed to establish an increased external security layer to detect and/or prevent attacks before they
reach web applications. ModSecurity provides protection from a range of attacks against web applications
and allows for HTTP traffic monitoring and real-time analysis with little or no changes to existing
infrastructure."
Is it better now?