Security: denyhost and mod_security

I’m running CentOs 5.2 x64 with VM Bleeding edge repo.

I notice that denyhost and mod_security are not in any repo; not wanting to use 3rd party repo; I wonder why these are not in there; since they are not, I guess a better question would be do I need them?


I guess a better question would be do I need them?

My philosophy has always been, if you don’t know you need something, you almost certainly don’t. Fewer moving parts is nearly always better.

I’ve heard good things about both tools, but we don’t use either tool on any of our systems, and I’ve never had reason to recommend either tool particularly strongly.

If you have a specific tool you want to use that depends on mod_security, go ahead. But it’s usually not used too much without another tool or great familiarity. Too much work and easier ways to do some tasks. When used with a nice tool though, it works very well. Please note it definitely can break applications, so test esp. if you haven’t used it before.

But, as Joe said, if you don’t know you need it, you almost certainly don’t!