Hi Hans,

I found the information in Ivan Ristic's article here: http://www.net-security.org/article.php?id=1869&p=1 to be very informative.  He has several suggestions on how to mitigate the attack.  Hope you find it helpful.

Aaron


On Wed, Aug 7, 2013 at 12:30 PM, hans.klunder@xs4all.nl <hans.klunder@xs4all.nl> wrote:
Hi,

I'm rather new to mod_security

I'd like to insert a variable sized header on responses

e.g:
X-padding: xxxx
or
X-padding: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
etc

where the number of x-s randomly differs per response.

Is this possible with a standard rule or would I need to define a custom
function for this ?

KR,
Hans


------------------------------------------------------------------------------
Get 100% visibility into Java/.NET code with AppDynamics Lite!
It's a free troubleshooting tool designed for production.
Get down to code-level detail for bottlenecks, with <2% overhead.
Download for free and get started troubleshooting in minutes.
http://pubads.g.doubleclick.net/gampad/clk?id=48897031&iu=/4140/ostg.clktrk
_______________________________________________
mod-security-users mailing list
mod-security-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/mod-security-users
Commercial ModSecurity Rules and Support from Trustwave's SpiderLabs:
http://www.modsecurity.org/projects/commercial/rules/
http://www.modsecurity.org/projects/commercial/support/