Idea: Adaptive paranoia level #2240
Comments
|
I thought about this before and I would be interested to hear people experiment with it. Perfect feature for a plugin. |
|
Have you tried out your implementation, @azurit? How did it go? I'm covering this idea / concept in my blog post at https://coreruleset.org/20211028/working-with-paranoia-levels/. Do you think my concerns apply or would you use it nevertheless and add it to the list of official plugins? |
|
I have a working plugin ready. It's able to set paranoia or executing paranoia level based on geoip (you can assing ISO codes to paranoia levels using configuration file). I read your blog post and i think there are situations where this feature can be usefull but it must be used wisely. |
|
Sounds good. This is scheduled for the chat tonight. I think it's worthwhile to do a plugin around this idea. What I am unsure is whether we want to make it an official plugin or a 3rd party plugin. Also has a bit to do with the GeoIP support in ModSec. |
|
I found a way how to use also external source of geoip data (for example mod_geoip2 / mod_maxminddb). |
|
This issue has been open 120 days with no activity. Remove the stale label or comment, or this will be closed in 14 days |
|
@azurit, OK if we close this? |
|
Yes, closing for now. |
Uh oh!
There was an error while loading. Please reload this page.
Motivation
I was thinking about doing paranoia level some kind of adaptive to the request so, for example, if the IP address is suspicious, paranoia level will be automatically raised. On the other hand, PL can be lowered for known IPs.
Paranoia level can be changed based on these parameters:
What do you think?
Proposed solution
I have working prototype of the plugin which is able to change paranoia level based on geoip.
The text was updated successfully, but these errors were encountered: