[Oisf-users] writing custom rule
Nelson, Cooper
cnelson at ucsd.edu
Fri Feb 22 16:46:44 UTC 2019
This is a common discussion; the recommended best practice is to use a WAF for active defense and monitor the decrypted traffic with Suricata.
Any time signatures are involved, best practice is to have more than one source.
-Coop
-----Original Message-----
From: Oisf-users <oisf-users-bounces at lists.openinfosecfoundation.org> On Behalf Of Vieri
Sent: Friday, February 22, 2019 1:28 AM
To: Greg Grasmehr <greg.grasmehr at caltech.edu>
Cc: oisf-users at lists.openinfosecfoundation.org
Subject: Re: [Oisf-users] writing custom rule
On Friday, February 22, 2019, 2:47:49 AM GMT+1, Greg Grasmehr <greg.grasmehr at caltech.edu> wrote:
>
> Your only option is to drop those connections on the destination
> server itself or you could also use a mod_security proxy to perform
> that action, a WAF is the optimal solution in cases like this.
Thanks. I'd like to protect a non-Apache https web server from external attacks.
I guess I would need to configure a reverse proxy with both Apache mod_proxy and mod_security.
I configured a Squid reverse proxy to my non-Apache server. Never tried Apache mod_proxy.
So, this is a non-suricata topic.
Thanks again,
Vieri