Re: Interests in mod_security support ?


Gwenn Etourneau
 

Guillaume,

Are you planning to support for nginx and apache ?
How are you going to maintain the rules ?


Thanks

On Fri, Jun 3, 2016 at 12:20 AM, Guillaume Berche <bercheg(a)gmail.com> wrote:

Hi,

I'm still interested in hearing feedback on this proposal. Up to now, Dan
Rosen suggested into [2] that Orange maintains a fork of php buildpack and
submits it to as an incubator project.

We're starting on this topic with trying to replicate the buildpacks ci in
our infrastructure. It's likely that the buildpack-ci [3] would have to be
slightly modified to support more parametrization (e.g. to run against
different github repo urls). I'd be interested if anyone in the community
managed to run its own buildpacks ci instance, and share experiences there.

Thanks,

Guillaume.

[2] https://github.com/cloudfoundry/php-buildpack/issues/144
[3] https://github.com/cloudfoundry/buildpacks-ci


Guillaume.

On Mon, May 2, 2016 at 5:05 PM, Guillaume Berche <bercheg(a)gmail.com>
wrote:

Hi,

Mod_security [1] is a flexible opensource web application firewall, which
runs configureable rules to detect and possible filter malicious incoming
HTTP requests received (XSS, SQL injection ....). Orange is preparing a PR
to add support for mod_security in the php_buildpack [2].

I'd be interested to hear if there is interest for such support in the
community and specific requirements/refinements over Orange's initial work
to be done.

Thanks in advance,

Guillaume.

ps: A possible future integration could also be packaged as a
fully-brokered route service in the future, which could be applying to all
buildpacks. As a 1st step, we focussed our effort to httpd within php
buildpack, mainly to avoid the added network hops implied by the
fully-brokered service

[1] https://www.modsecurity.org
[2] https://github.com/cloudfoundry/php-buildpack/issues/144


Join cf-dev@lists.cloudfoundry.org to automatically receive all group messages.