ModSecurity

ModSecurity exceptions for TYPO3

You can find a rule set for using ModSecurity with TYPO3 installations here. The rule set consists of pretty inelegant exceptions to entire rules, but at least it should enable using ModSecurity with TYPO3.

ModSecurity Rules for Pingdom Compatibility

If you are using Pingdom, a service for monitoring web sites, you will need to whitelist the service IP addresses to make it work with the core rule set. You can find rules to do so here.

Ivan Ristic releases a ModSecurity book!

A new ModSecurity book, or for that matter a WAF book, is rare enough, and I was overjoyed that one ModSecurity book was released earlier this week. What can I say now that two ModSecurity books were released in the same week!

ModSecurity Book Released

I tend to think that technical books are obsolete. The rate of change in software and systems makes them outdated before they hit the bookshelves, even if these are virtual books and virtual bookshelves. The tedious writing, editing and publishing cycle makes a book better but old. Community-generated content such as blogs and forums seems to provide much better documentation than books.

ModSecurity 2.5.11 fixes an evasion vulnerability

Breach has released a new version of ModSecurity which fixes a vulnerability that may lead to an evasion. As stated in the release announcement sent to the mailing list by Brian Rectanus, by using non-standard (but accepted by some platforms) quoting, ModSecurity may be fooled into thinking some parameters are uploaded files.

A lightweight ModSecurity rule set

Nix101 posts a lightweight version of the gotroot rule set targeted at shared hosting servers. The rule set removes old stuff and rules that are too dangerous for a shared environment.

You can find the rule set here.

ModSecurity tip: Installing ModSecurity and mod_deflate

Using ModSecurity with mod_deflate can be challenging. An interesting post on the ModSecurity mailing list explains how this can be achieved.

ModSecurity Works!

Well, sure it works. However, a short blog entry by an insulted WordPress lover shows that it also delivers security.

The story quotes a hosting provider recommending that a client be very careful with a WordPress installation, as it is often defaced. And the reason? WordPress does not work well with ModSecurity, and therefore an exception is needed to remove ModSecurity protection. This results in the WordPress site being defaced more often...

ModSecurity Resource

The most comprehensive resource about ModSecurity is by far the ModSecurity mailing list. I don't like any of the list archives, as each one has its limitations.

ModSecurity Rules Writing Guidelines

Tagged:  

Guides
