Good Job Juan!

On Sun, Oct 9, 2011 at 11:46 PM, Juan calderon <juan.calderon@owasp.org> wrote:
Hello All

Just keeping you updated, I didn't make it to release WAF this week as planned, yet this is how I am doing so far.


The Following variables are now available:
ARGS, ARGS_NAMES, QUERY_STRING, REMOTE_ADDR, REQUEST_BASENAME, REQUEST_COOKIES, REQUEST_COOKIES_NAMES, REQUEST_FILENAME, REQUEST_HEADERS_NAMES, REQUEST_HEADERS, REQUEST_METHOD, REQUEST_PROTOCOL, REQUEST_URI, REQUEST_URI_RAW, RESPONSE_CONTENT_TYPE.

Operators
Actions
Transformation Functions
Phases
    phase:1 - Request headers stage
    phase:2 - Request body stage
    phase:4 - Response body stage

Phase 3 is not available in Java, thus, Java 4 will be used as a fall back to phase 3 actions.

Also support for individual Mode Security rules and external rule files is implemented so you can embed Mod_Security rules in current XML configuration file or "include" a whole rules file ot the WAF rule-set.

Missing parts are:
1. Response variables are still not available
2. Some actions are missing like "skip" and "chain"
3. Mod_Security format logging is still not implemented.

So as you can see we are almost there, yet, some work is still missing. Now since I am in charge of OWASP Day Mexico 2011, I do not expect to have any advance for the next 30 days until the event finishes on Nov 11. so my new target date is Dec 25 I think it will be a good christmas gift.

Regards,
Juan Carlos


On Thu, Apr 21, 2011 at 10:24 PM, Juan calderon <juan.calderon@owasp.org> wrote:
Hello Guys

My name is Juan Carlos Calderon I live in Mexico and I am creating the ModSecurity Java Port by including Level 1 Port Specification functionality to OWASP Java WAF. I want to give you a small update on my advance.

The Following variables are now available:
ARGS, ARGS_NAMES, QUERY_STRING, REMOTE_ADDR, REQUEST_BASENAME, REQUEST_COOKIES, REQUEST_COOKIES_NAMES, REQUEST_FILENAME, REQUEST_HEADERS_NAMES, REQUEST_HEADERS, REQUEST_METHOD, REQUEST_PROTOCOL, REQUEST_URI, REQUEST_URI_RAW, RESPONSE_CONTENT_TYPE.

Phases
    phase:1 - Request headers stage
    phase:2 - Request body stage
    phase:4 - Response body stage

Phase 3 is not available in Java, thus, Java 4 will be used as a fall back to phase 3 actions.

Little by little the port is taking shape.

Regards,
Juan Carlos Calderon


------------------------------------------------------------------------------
All the data continuously generated in your IT infrastructure contains a
definitive record of customers, application performance, security
threats, fraudulent activity and more. Splunk takes this data and makes
sense of it. Business sense. IT sense. Common sense.
http://p.sf.net/sfu/splunk-d2dcopy1
_______________________________________________
mod-security-developers mailing list
mod-security-developers@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/mod-security-developers
ModSecurity Services from Trustwave's SpiderLabs:
https://www.trustwave.com/spiderLabs.php