[mod-security-users] New Blog Post Series: ModSecurity Advanced Feature of the Week

[Ryan Barnett <RBarnett@tr...>]

Greetings everyone,
We are starting a new blog post series on the ModSecurity site called "Advanced Feature of the Week" where we will be highlighting many of ModSecurity's really cool capabilities.  These are the features that seldom used or fully understood by the average ModSecurity user however can provide detection of sophisticated attacks if used properly.  It is our goal with these blog posts to help shed light on these unique features and to provide some real-world, in-the-trenches gotchas for successful usage of these features.

This blog post series will have the following major topic sections -
1) ModSecurity Reference Manual Information
Provide reference manual data.

2) Use Within the OWASP Core Rule Set (CRS)
Outline if/when/how the CRS is utilizing this feature.

3) So What?
Will provide some context as to why you as a user should even care about this capability.  What advanced attack/vulnerability is this attempting to catch.

This week's feature is on the use of the @validateByteRange <http://www.modsecurity.org/documentation/modsecurity-apache/2.5.12/modsecurity2-apache-reference.html#N11E29>;  operator.

http://blog.modsecurity.org/2010/08/advanced-feature-of-the-week-validating-byte-ranges.html

Enjoy,
Ryan

[mod-security-users] New Blog Post Series: ModSecurity Advanced Feature of the Week

[Ryan Barnett <RBarnett@tr...>]

Greetings everyone,
We are starting a new blog post series on the ModSecurity site called "Advanced Feature of the Week" where we will be highlighting many of ModSecurity's really cool capabilities.  These are the features that seldom used or fully understood by the average ModSecurity user however can provide detection of sophisticated attacks if used properly.  It is our goal with these blog posts to help shed light on these unique features and to provide some real-world, in-the-trenches gotchas for successful usage of these features.

This blog post series will have the following major topic sections -
1) ModSecurity Reference Manual Information
Provide reference manual data.

2) Use Within the OWASP Core Rule Set (CRS)
Outline if/when/how the CRS is utilizing this feature.

3) So What?
Will provide some context as to why you as a user should even care about this capability.  What advanced attack/vulnerability is this attempting to catch.

This week's feature is on the use of the @validateByteRange <http://www.modsecurity.org/documentation/modsecurity-apache/2.5.12/modsecurity2-apache-reference.html#N11E29>;  operator.

http://blog.modsecurity.org/2010/08/advanced-feature-of-the-week-validating-byte-ranges.html

Enjoy,
Ryan