From: Brent Clark <bclark@ec...> - 2006-06-20 10:25:22
Using the brilliant mod_security, I came across a string with the following in.
My question is, what can be done to alert some security overseer and help stop cyber crime?
For alerting purposes, I use CGI scripts. In my modsecurity default action
directive, I specify a 403 Forbidden status code. I then use the Apache
ErrorDocument directive to point to a CGI script. The CGI script will
present the client with an error message webpage and then send an email to
the security folks. The email contains a CGI ENV dump of all of the session
tokens (same output as the printenv cgi script). So essentially, the email
that I receive is a snapshot of the attacker's request ENV.
I also add in some weblinks to helpful public websites for tracking down the
client's location/whois info, etc...
Ryan C. Barnett
Web Application Security Consortium (WASC) Member
CIS Apache Benchmark Project Lead
SANS Instructor, GCIA, GCFA, GCIH, GSNA, GCUX, GSEC
Author: Preventing Web Attacks with Apache
On 6/20/06, Brent Clark <bclark@...> wrote:
> Hey all
> Using the brilliant mod_security, I came across a string with the
> following in.
> My question is, what can be done to alert some security overseer and
> help stop cyber crime?
> Kind Regards
> Brent Clark
> mod-security-users mailing list
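The alerting setup described in the reply above (403 default action, `ErrorDocument` pointing at a CGI script that mails a `printenv`-style dump), sketched as an added example that is not code from the thread or from the ModSecurity project. The script path, both mail addresses and the local MTA are assumptions; because every value in the dump is attacker-controlled, the sketch keeps request data out of the client page and strips line breaks before anything reaches a mail header.

```python
#!/usr/bin/env python3
"""CGI target for `ErrorDocument 403 /cgi-bin/alert.py` (script path is an assumption)."""
import os
import re
import smtplib
import sys
from email.message import EmailMessage

SECURITY_MAILBOX = "security@example.org"  # assumption: placeholder address
SENDER = "apache@example.org"              # assumption: placeholder address
MAX_VALUE = 2048                           # cap each value so one request cannot bloat the mail

def one_line(value, limit=120):
    """Make request-derived text safe for a mail header: ASCII only, no CR/LF/control bytes."""
    ascii_only = value.encode("ascii", "replace").decode()
    return re.sub(r"[\x00-\x1f\x7f]+", " ", ascii_only)[:limit]

def build_alert(env):
    """Return an EmailMessage holding a printenv-style dump of the blocked request."""
    msg = EmailMessage()
    msg["From"] = SENDER
    msg["To"] = SECURITY_MAILBOX
    # After the ErrorDocument internal redirect Apache exposes the original
    # request as REDIRECT_* variables (REDIRECT_URL, REDIRECT_STATUS, ...).
    msg["Subject"] = one_line("[modsec] 403 %s from %s" % (
        env.get("REDIRECT_URL", "?"), env.get("REMOTE_ADDR", "?")))
    # repr() keeps embedded newlines visible as escapes, so a crafted header
    # value cannot forge extra "variables" in the dump.
    lines = ["%s=%s" % (k, repr(v[:MAX_VALUE])) for k, v in sorted(env.items())]
    msg.set_content("\n".join(lines))
    return msg

def client_page():
    """Generic page for the client; nothing from the request is echoed back."""
    return ("Status: 403 Forbidden\r\nContent-Type: text/html\r\n\r\n"
            "<html><body><h1>403 Forbidden</h1>"
            "<p>This request was blocked and has been reported.</p></body></html>")

if __name__ == "__main__":
    sys.stdout.write(client_page())
    sys.stdout.flush()
    try:
        with smtplib.SMTP("localhost") as smtp:  # assumption: local MTA on port 25
            smtp.send_message(build_alert(dict(os.environ)))
    except (OSError, smtplib.SMTPException) as exc:
        sys.stderr.write("alert mail failed: %s\n" % exc)  # ends up in Apache's error log
```

A blocked request can be replayed at will, so rate-limit or batch the mail on the receiving side if the rule set is noisy.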