Steffen Müller's TYPO3 blog

October 10, 2008

Best kept TYPO3 secret: WAF

A long time ago, the security team promised to release a ruleset for a Web Application Firewall (WAF) based on Apache's mod_security. Some are still waiting for an official announcement after the conference talk at T3CON07. And some have heard about it in today's talk at T3CON08.

For those who can't wait any longer for official announcements: it has been there since, well, since the beginning of this year, I guess. The waf newsgroup is a bit lacking in activity (4 postings in one year), but one posting already revealed the secret in January 2008:

The ruleset hides at http://typo3.org/waf.txt

I didn't test it but had a quick look at the file. It's quite a short configuration and I could not spot any TYPO3-specific rules. One line points to an external file called modsecurity_crs_9999_typo3.conf, but I couldn't find that file. Well, waf.txt also reveals that the current version was written in September 2007. So maybe a newer one has already been released, but is kept secret somewhere else ;-)

Comments

  1. Webagentur wrote on November 12, 2008 at 00:22

    When will the rules for Typo3? I look forward to for so long.



About this site

At the moment, T3node is a TYPO3 blog by Steffen Müller. Besides TYPO3, technical and nontechnical topics about free software and the internet are discussed.

This blog is also a personal survey about what motivates me to write this blog and what issues are worth writing about. Statistically, my motivation to do this is probably to

1. express myself
2. connect with other people
3. share knowledge with other people

All contents are distributed under the Creative Commons Attribution - NonCommercial - ShareAlike 3.0 Unported licence.
