[Snort-users] Snort - VPS web server (Debian)

Edward Fjellskål edwardfjellskaal at ...11827...
Tue Aug 30 14:05:09 EDT 2011


On 08/30/2011 05:08 PM, Mike Lococo wrote:
> As mentioned, mod-security will let you do signature-based blocking of 
> http attacks (the kind that really matter for a web-server) in just a 
> couple of megs of ram and there are some rulesets that I believe are 
> decent out there like the owasp set.
> 
> Cheers,
> Mike Lococo

Just to add to the fire...
You can use Varnish, which not only accelerate your site, but
including security.vcl or methods alike, adds some extra level
of security (like mod_security).

https://github.com/comotion/security.vcl/

Example of rules:
https://github.com/comotion/security.vcl/blob/master/vcl/modules/sql.vcl

Feedback and comments are welcome :)

---
I used to run snort (sguil sensor(snort,daemonlogger,cxtracker)) on a
128MB VPS... Worked fine for me :) (but there was not much traffic so...)


E




More information about the Snort-users mailing list