|
From: robert m. <rob...@gm...> - 2010-10-27 13:50:57
|
I've downloaded and used the rules from OWASP
modsecurity_35_bad_robots.data modsecurity_50_outbound.data
modsecurity_crs_48_local_exceptions.conf
modsecurity_35_scanners.data
modsecurity_50_outbound_malware.data
modsecurity_crs_49_inbound_blocking.conf
modsecurity_40_generic_attacks.data
modsecurity_crs_41_phpids_converter.conf
modsecurity_crs_50_outbound.conf
modsecurity_41_sql_injection_attacks.data
modsecurity_crs_41_phpids_filters.conf
modsecurity_crs_59_outbound_blocking.conf
modsecurity_42_comment_spam.data
modsecurity_crs_41_sql_injection_attacks.conf
modsecurity_crs_60_correlation.conf
modsecurity_46_et_sql_injection.data
modsecurity_crs_41_xss_attacks.conf
modsecurity_46_et_web_rules.data
modsecurity_crs_47_common_exceptions.conf
modsecurity_crs_20_protocol_violations.conf
modsecurity_crs_30_http_policy.conf
modsecurity_crs_42_tight_security.conf
modsecurity_crs_21_protocol_anomalies.conf
modsecurity_crs_35_bad_robots.conf modsecurity_crs_45_trojans.conf
modsecurity_crs_23_request_limits.conf
modsecurity_crs_40_generic_attacks.conf
I've configure SecDefaultAction "phase:2,drop,log"
On Wed, Oct 27, 2010 at 9:45 AM, Ryan Barnett <RBa...@tr...>wrote:
> On 10/27/10 9:21 AM, "robert mena" <rob...@gm...> wrote:
>
> > Hi,
> >
> > Is there a way to test with standard attack vectors to see if
> mod_security is
> > blocking the attemps for (example), sql injection?
> >
> > I've enabled and tried with www.mysite.com/?u=1 <
> http://www.mysite.com/?u=1>
> > OR 1=1 but no message is logged in /var/log/httpd/error-log
> >
>
> What rule set are you using? When I test your payload against our public
> OWASP Core Rule Set (CRS) Demo is triggers SQL Injection alerts -
> http://www.modsecurity.org/demo/phpids?test=1+OR+1%3D1
>
> -Ryan
>
>
>
|
