Modsecurity has rules

• mod_security.conf
• Inside modesecurity.conf....l
• load mod_security2.so and mod_unique_id.so
• opensource...but not an apache project
• you dont want to modify the core rule sets
• 2 place to do things
• (1)There's a file to put local rules....modsecurity_localrules.conf
• ....processed after their rules....modsecurity_crs
• (2) in the directives for your moduels
• When they talk about inheritance, they're really talking about scope
• looked at httpd.apache.org....section 2.2.2
• When you put in a new config file, you visit modsecurity.d/modesecurity_crs_10_config.conf, you move from SecRule? on to DetectionOnly? ....
• SecRule? Engine off..../ then RuleInheritance? off/ DetectioOnly? / and then watch the logs to see what you should be
• /etc/httpd/logs/modsec_audit.log
• grep -i "method not implemented" *
• Had to make the SecRule? post|get instead of just post...bcos we needed GET when finalizing registration
• Apache...ErrorDocumentDirective....
• Use https://....TwikiRegistration.....
• SSLOptions can be constricted by...
• Look at Hilary's bookmarks.....
• Whats the difference between errors 401 and 403?
• modsecurity generated effect
• The things in the SSL log are more coherent
• Access denied - edit twiki redirect host
• sudo -u apache ....how do you sudo into another user?

/etc/httpd/conf.d

• want people to understand what they're doing
• separate .conf files
• include all config file