[mod-security-users] New ModSecurity Initiative: Cool Rules
Brought to you by:
victorhora,
zimmerletw
From: Ryan B. <Ryan.Barnett@Breach.com> - 2007-01-26 17:52:03
|
Greetings Everyone, After seeing Mauro's email below, I thought that it was a perfect time to send this out. =20 =20 I would like to announce a new initiative and ask for your participation. The ModSecurity "Cool Rules" initiative is a community-based effort where ModSecurity users can openly submit and share their own rules that they created to solve complex or unique issues. These issues are not covered by the Core Rule set. How have ModSecurity rules helped you tackle some of web security challenges? Some example rules might address challenges such as identifying and responding to brute force attacks, tracking session-based attacks and virtual patches for newly discovered vulnerabilities. If you have a cool rule, we want to see it! =20 =20 Please submit your rules to the ModSecurity mail-list. When you send the rule, please include a brief overview of the problem you are trying to address, as well as, the accompanying ModSecurity rules with proper comments specifying what each section of the rule is trying to accomplish. The rules will then be evaluated for aspects such as; use of ModSecurity 2.0 features, complex chained rules (that help to minimize false positives), optimized regular expressions, etc... When we receive a great rule, we will do the following - =20 * Create a Blog entry on the rule * Include the rule in an upcoming Cool Rules webcast. The user who submitted the rule will receive proper credits. * Send the user some ModSecurity merchandise - such as a ModSecurity t-shirt! =20 Please keep in mind that the rules received from this initiative probably will not be incorporated back into the Core Rule set as they are not generic in nature. The value of providing these rules to the public is as examples of what can be done to address web security problems. Other users may then be able to tweak the rule a bit for their own web application and then use it. =20 So, for all you ModSecurity experts out there who normally just lurk on this list, it is time to speak up and make yourselves known! =20 P.S. - we will be putting up a "Cool Rules" section of the modsecurity.org website in the near future to provide supplemental information and status of rules received. I will send out an announcement when this happens. =20 We look forward to hearing from you. =20 --=20 Ryan C. Barnett Breach Security: Director of Application Security Training Web Application Security Consortium (WASC) Member CIS Apache Benchmark Project Lead SANS Instructor, GCIA, GCFA, GCIH, GSNA, GCUX, GSEC Author: Preventing Web Attacks with Apache =20 ________________________________ From: mod...@li... [mailto:mod...@li...] On Behalf Of Mauro Rappa Sent: Thursday, January 25, 2007 9:30 AM To: mod...@li... Subject: [mod-security-users] Session - IP lookup table =20 =20 Hi all, i'd like to create a sort of lookup table, to prevent session stealing. I saw an example of IP tracking: SecAction initcol:ip=3D%{REMOTE_ADDR},setvar:ip.dummy=3D1,nolog,pass SecRule IP:UPDATE_RATE "@gt 2" log,drop But i don't know how store also session id, and check the right association. Please, help me. Mauro=20 |