Mod_security to mitigate vuln in openemr

gsporter wrote on Sunday, January 22, 2012:

I am getting ready to set up mod_security on my openemr server to mitigate as many potential vuln as possiable till the move to the new security model is completed.

I usually compile the stable version ( 2.6.3) and use the ModSecurity Core Rule Set (CRS) (2.2.3)  Setting up the rules can be a long and drawn out affair since differant rule sets break differant things in differnat applications.   Basically I have just had to turn on a rule test EVERYTHING, then move on to the next rule.

To save time I though I would ask the forum users what rules they are using that work!  

If you are not familar with mod_security

http://www.modsecurity.org/

ModSecurity for Apache

Native implementation of the web application firewall, working as an Apache module.
An application firewall is a form of firewall which controls input, output, and/or access
from, to, or by an application or service. It operates by monitoring and potentially blocking
the input, output, or system service calls which do not meet the configured policy of the
firewall. The application firewall is typically built to control all network traffic on any OSI
layer up to the application layer. It is able to control applications or services specifically,
unlike a stateful network firewall which is - without additional software - unable to control
network traffic regarding a specific application.

ModSecurity Core Rule Set (CRS)
A collection of rules designed to detect common web application attacks, which turns
ModSecurity into a Web Intrusion Detection tool

phongtrang wrote on Monday, January 23, 2012:

I’m using internal web server behind a firewall, so I don’t have to worry about web security issue. In my opinion, you are vulnerable on the internet unless you use encryption secure login. Even so, it takes quite a bit of effort to keep it secure.