[Owasp-infrastructure] OCMS - current status as of 2011-05-09

Tom Brennan tomb at owasp.org
Tue May 10 09:06:05 EDT 2011


Working on Owasp mod_security to be a managed WAF for us as well. The logs alone are valuable for the community

On May 10, 2011, at 8:30 AM, Mark Bristow <mark.bristow at owasp.org> wrote:

> Matt,
> 
> Good luck on your surgery!  Hope you get it all fixed up.
> 
> Just for everyone's SA, the application actually runs off the root directory /events is just one of the modules (there is also /registration, /accounts, /admin) with more modules planed for later in development.  It appears however that Matt's mod-rewrite redirects for all of these paths so we are good to go.
> 
> Larry, let me know when you get the wildcard cert in and I'll move the production system over to the new site and redirect ocms.owasptools.org -> ocms.owasp.org.
> 
> Thanks,
> -Mark
> 
> On Mon, May 9, 2011 at 11:28 PM, Matt Tesauro <matt.tesauro at owasp.org> wrote:
> Larry & Mark, 
> 
> Here's what I've done this evening:
> Set the hostname to ocms.owasp.org permanently
> Moved /etc/apache2/conf.d/ocms.owasp.org to /etc/apache2/sites-available so that our setup will follow Debian Apache conventions
> Enabled SSL for ocms.owasp.org (using IP-based virtual host)
> Moved configuration details of ocms.owasp.org to ssl-ocms.owasp.org under /etc/apache2/sites-available
> Enables ssl-ocms.owasp.org site ( with # a2ensite ssl-ocms.owasp.org)
> Gutted ocms.owasp.org to only rewrite any request to SSL
> Setup an account for Larry to add the wildcard cert to the server
> Notes
> Currently, the site uses a default self-signed certificate
> All the Apache SSL configuration directives are in the file /etc/apache2/sites-available/ssl-ocms.owasp.org
> Currently, no syntax errors exist in the Apache conf and no warning are issued on a restart/reload
> Mod_rewrite will forward requests with a path so http://ocms.owasp.org/events will be redirected to https://ocms.owasp.org/events
> I will email Larry directly with his username.  I verified his account has sudo privs.
> I think that is it.
> 
> Reminder:  I'm having knee surgery tomorrow and will be out (for sure) all day tomorrow and slowing getting back to normal-ish over the next week.
> 
> Cheers!
> 
> --
> -- Matt Tesauro
> OWASP Board Member
> OWASP WTE Project Lead
> http://www.owasp.org/index.php/Category:OWASP_Live_CD_Project
> http://AppSecLive.org - Community and Download site
> 
> 
> 
> -- 
> Mark Bristow
> (703) 596-5175
> mark.bristow at owasp.org
> 
> OWASP Global Conferences Committee Chair - http://is.gd/5MTvF
> OWASP DC Chapter Co-Chair - http://is.gd/5MTwu
> AppSec DC Organizer - https://www.appsecdc.org
> 
> _______________________________________________
> Owasp-infrastructure mailing list
> Owasp-infrastructure at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-infrastructure
-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://lists.owasp.org/pipermail/owasp-infrastructure/attachments/20110510/0fe7be42/attachment-0001.html 


More information about the Owasp-infrastructure mailing list