A simplified frontend to mod_rewrite
The Capri add-on is basically a smart implementation of mod_rewrite, combining RewriteMaps
and a series of Rewrite directives so that most features of mod_rewrite can be used
from an external configuration file at run-time.
Once the Capri main configuration has been included in the main Apache configuration,
that's all there is to it, and you can concentrate solely on capri.conf for setting up
new interceptors and assigning actions, pretty much as you would with mod_rewrite
but without struggling with its hard-to-handle directives.
The capri.conf is cached in-core and changes are picked up automatically at a modtime
change. Request interceptors (Capri-directives) can be added, modified or
deleted while Apache is running without need of a restart.
With the capri-protocol you can perform just about anything that mod_rewrite can,
plus log-blocking, conditional delegation etc. on a per-request basis.
Defeating Internet worms with Capri
Capri is the next evolutionary step of the late Wormhook add-on and, like its predecessor,
is fully equipped to deal with worms like Nimda, Code Red and any future one.
Bundled with Capri comes an Anti-Worm Toolbox written in PERL, enabling you to take full
control of these attacks. Now you might say: Hey, but isn't Apache immune against these attacks?
Yup, you are correct, but like any Apache administrator you have certainly watched your access and
error logs being bloated all over by these nasty worms. Besides, wouldn't
it be cool if you could attempt to alert someone in charge of the network segment at the remote end
about their infected machine and prevent further spreading in real-time? And how about participating
in the world-wide battle against bandwidth-bloating by reporting infected hosts to the public
"Internet Worm Registry"?
Capri comes with pre-defined templates for handling Code Red I & II and Nimda attacks, which you
can further customize for your specific needs. Read more about the Capri Anti-Worm Toolbox.
You may have heard of other PERL modules like Apache::CodeRed and Apache::Nimda
for customized dealing with worms under Apache. And yes, they do an equal job to CapriAWT,
if you are running mod_perl, that is. CapriAWT differs in that it isn't
built on top of mod_perl but runs in vanilla CGI mode, so as long as you can run PERL scripts
on your system, CapriAWT is GO out of the box. Another advantage is that with the mod_perl
specific items, you'll have to rely on someone writing a new module whenever a new worm hits
the Internet, while with the CapriAWT API you can easily create a new snippet taking care of
that new nasty one, simply by copying the code from an old interceptor, modifying the message
accordingly and adding a new entry in capri.conf, and you are done. Did that sound messy?
OK, since I am such a nice fellow and am also using CapriAWT on my set of boxes, I will be knocking
up interceptor-scripts for any future worm or other malicious HTTP-based equivalent for personal
use anyway, so why not share them with anyone interested. These will be made available in the Capri
section of our site or by request to capri@saltstorm.net.
Performance
There has been some discussion about whether there might be an overall performance decrease
when enabling the Capri add-on, since it adds quite a lot of work to the rewrite engine.
Well, initially this was true to some extent, but with the 1.00 release, all optimization
tweaks known to me have been introduced. All requests are now initially checked against
the in-core cached capri.conf for a matching capri-interceptor, and if there is no match,
Capri will immediately skip all further Capri-related processing for that request.
Please consult the step-by-step directive comments in apache-capri.conf for an
in-depth view of how the rule chain is applied. If you are somewhat knowledgeable about mod_rewrite,
you should be able to verify that the Capri rule-set brings no more overhead on a
non-applicable request than two vanilla RewriteRules would.
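
The early-exit check described above, written with stock mod_rewrite directives as an added example. It is not Capri's rule set or the contents of apache-capri.conf; the map name, map file path, map entries and the action keywords (forbid, gone) are assumptions made for illustration.

```apache
# Added illustration using stock mod_rewrite directives; NOT Capri's rule set.
# Map name, file path and the action keywords (forbid, gone) are assumptions.
#
# Constructed contents of /usr/local/apache/conf/interceptors.map
# (txt: format, one "key value" pair per line):
#   /default.ida      forbid     (path requested by Code Red)
#   /retired/app.cgi  gone

RewriteEngine On

# txt: maps are held in memory and re-read when the file's mtime changes,
# so entries can be edited while the server is running.
RewriteMap interceptors txt:/usr/local/apache/conf/interceptors.map

# Rule 1: early exit. If the URL path has no map entry, the lookup yields
# the default NONE and the two action rules below are skipped.
RewriteCond ${interceptors:$1|NONE} =NONE
RewriteRule ^(.*)$ - [S=2]

# Rule 2: entries marked "forbid" are answered with 403 Forbidden.
RewriteCond ${interceptors:$1} =forbid
RewriteRule ^(.*)$ - [F]

# Rule 3: entries marked "gone" are answered with 410 Gone.
RewriteCond ${interceptors:$1} =gone
RewriteRule ^(.*)$ - [G]
```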