Re: [Mod-security-developers] CRS 2.1.2 only phase:5 is shown in the log
From: Ryan B. <RBa...@tr...> - 2011-04-12 01:13:32
You should have a separate file that handles your main config settings -
http://sourceforge.net/apps/mediawiki/mod-security/index.php?title=Reference_Manual#A_Recommended_Base_Configuration

These are settings that you maintain for your local site. These should not be included within 3rd party rules such as the CRS.

Ryan

On Apr 11, 2011, at 9:07 PM, "Oleg Gryb" <ole...@ya...> wrote:

It helped, now I see other rules working. My SecRuleEngine setting was commented out (). It means that default behavior is "Off", right? Probably it's better to have it as DetectionOnly by default.

Thanks for your help,
Oleg.

From: Breno Silva <bre...@gm...>
To: mod...@li...
Cc: Ryan Barnett <RBa...@tr...>; Oleg Gryb <ol...@gr...>
Sent: Mon, April 11, 2011 5:57:52 PM
Subject: Re: [Mod-security-developers] CRS 2.1.2 only phase:5 is shown in the log

Oleg,

I think your SecRuleEngine is set as Off.

Please set it to

SecRuleEngine DetectionOnly or SecRuleEngine On

Thanks

Breno

On Mon, Apr 11, 2011 at 7:20 PM, Ryan Barnett <RBa...@tr...> wrote:

Can you also send your other main config file?

On Apr 11, 2011, at 6:55 PM, "Oleg Gryb" <ole...@ya...> wrote:

> Ryan,
> Thank you for the quick response. Here is the information that you've requested:
>
> Apache/2.2.17 (Debian)
> modsecurity-apache_2.5.13
>
> The *.conf files are attached as well. I'll try CRS 2.1.3 and let you know if it
> works.
>
> Please let me know if you have a fix,
> Oleg.
>
> ----- Original Message ----
>> From: Ryan Barnett <RBa...@tr...>
>> To: "ol...@gr..." <ol...@gr...>; "mod...@li..." <mod...@li...>
>> Sent: Mon, April 11, 2011 3:28:38 PM
>> Subject: Re: [Mod-security-developers] CRS 2.1.2 only phase:5 is shown in the log
>>
>> Oleg,
>>
>> What Apache and ModSecurity versions are you using?
>>
>> Can you try and sync from SVN and try the 2.1.3 version of CRS?
>>
>> This does look odd as it is essentially skipping phases 1-4 and then
>> picking up rules in phase:5. Can you send your
>> modsecurity_crs_10_config.conf file?
>>
>> -Ryan
>>
>> On 4/11/11 5:59 PM, "Oleg Gryb" <ole...@ya...> wrote:
>>
>>> I'm trying to make dos_protection working in CRS 2.1.2 and it seems to me
>>> that something is grossly wrong with this version. It looks like the only
>>> rules that are executed are the ones in "phase:5", everything else is
>>> completely ignored.
>>>
>>> I have debug level set to 9 and only rules that are shown in the log file
>>> are those that are in phase 5 (see below). Please let me know what is wrong.
>>>
>>> The collections and variables that are set in
>>> modsecurity_crs_10_config.conf are not defined (e.g. IP collection and
>>> dos_counter_threshold variable)
>>>
>>> This is from modsecurity_crs_10_config.con:
>>> -------------------------------------------
>>> SecAction "phase:1,t:none,nolog,pass, \
>>> setvar:'tx.dos_burst_time_slice=60', \
>>> setvar:'tx.dos_counter_threshold=1', \
>>> setvar:'tx.dos_block_timeout=600'"
>>> ...
>>> SecAction "phase:1,t:none,pass,nolog,initcol:global=global,initcol:ip=%{remote_addr}_%{tx.ua_hash}"
>>> ...
>>>
>>> This is from log file:
>>> ---------------------
>>> [11/Apr/2011:12:15:40 --0700]
>>> [localhost/sid#b85b0b18][rid#b8c2bba8][/][4] Initialising transaction
>>> (txid TaNTXH8AAAEAAFC-AdsAAABJ).
>>> [11/Apr/2011:12:15:40 --0700]
>>> [localhost/sid#b85b0b18][rid#b8c2bba8][/][4] Transaction context created
>>> (dcfg b78714e0).
>>> [11/Apr/2011:12:15:40 --0700]
>>> [localhost/sid#b85b0b18][rid#b8c2bba8][/][4] Processing disabled,
>>> skipping (hook request_early).
>>> [11/Apr/2011:12:15:40 --0700]
>>> [localhost/sid#b85b0b18][rid#b8c2bba8][/][4] PdfProtect: Not enabled here.
>>> [11/Apr/2011:12:15:40 --0700]
>>> [localhost/sid#b85b0b18][rid#b8c2bba8][/][4] Processing disabled,
>>> skipping (hook request_late).
>>> [11/Apr/2011:12:15:40 --0700]
>>> [localhost/sid#b85b0b18][rid#b8c2bba8][/index.html][4] Hook
>>> insert_filter: Adding PDF XSS protection output filter (r b8c2bba8).
>>> [11/Apr/2011:12:15:40 --0700]
>>> [localhost/sid#b85b0b18][rid#b8c2bba8][/index.html][4] Hook
>>> insert_filter: Processing disabled, skipping.
>>> [11/Apr/2011:12:15:40 --0700]
>>> [localhost/sid#b85b0b18][rid#b8c2bba8][/index.html][4] Initialising
>>> logging.
>>> [11/Apr/2011:12:15:40 --0700]
>>> [localhost/sid#b85b0b18][rid#b8c2bba8][/index.html][4] Starting phase
>>> LOGGING.
>>> [11/Apr/2011:12:15:40 --0700]
>>> [localhost/sid#b85b0b18][rid#b8c2bba8][/index.html][9] This phase
>>> consists of 36 rule(s).
>>> [11/Apr/2011:12:15:40 --0700]
>>> [localhost/sid#b85b0b18][rid#b8c2bba8][/index.html][4] Recipe: Invoking
>>> rule b7ba1cb0; [file
>>> "/etc/apache2/modsecurity-crs/base_rules/modsecurity_crs_11_dos_protection
>>> .conf"] [line "24"].
>>> [11/Apr/2011:12:15:40 --0700]
>>> [localhost/sid#b85b0b18][rid#b8c2bba8][/index.html][5] Rule b7ba1cb0:
>>> SecRule "IP:DOS_BLOCK" "@eq 1"
>>> "phase:5,t:none,nolog,skipAfter:END_DOS_PROTECTION_CHECKS"
>>> [11/Apr/2011:12:15:40 --0700]
>>> [localhost/sid#b85b0b18][rid#b8c2bba8][/index.html][4] Rule returned 0.
>>> [11/Apr/2011:12:15:40 --0700]
>>> [localhost/sid#b85b0b18][rid#b8c2bba8][/index.html][9] No match, not
>>> chained -> mode NEXT_RULE.
>>> [11/Apr/2011:12:15:40 --0700]
>>> [localhost/sid#b85b0b18][rid#b8c2bba8][/index.html][4] Recipe: Invoking
>>> rule b7ba2438; [file
>>> "/etc/apache2/modsecurity-crs/base_rules/modsecurity_crs_11_dos_protection
>>> .conf"] [line "30"].
>>> [11/Apr/2011:12:15:40 --0700]
>>> [localhost/sid#b85b0b18][rid#b8c2bba8][/index.html][5] Rule b7ba2438:
>>> SecRule "REQUEST_BASENAME" "!@rx \\.(jpe?g|png|gif|js|css|ico)$"
>>> "phase:5,t:none,log,pass,setvar:ip.dos_counter=+1,logdata:'THRESHOLD=
>>> %{tx.dos_counter_threshold}; COUNTER=%{ip.dos_counter}'"
>>> [11/Apr/2011:12:15:40 --0700]
>>> [localhost/sid#b85b0b18][rid#b8c2bba8][/index.html][4] Transformation
>>> completed in 1 usec.
>>> [11/Apr/2011:12:15:40 --0700]
>>> [localhost/sid#b85b0b18][rid#b8c2bba8][/index.html][4] Executing operator
>>> "!rx" with param "\\.(jpe?g|png|gif|js|css|ico)$" against
>>> REQUEST_BASENAME.
>>> [11/Apr/2011:12:15:40 --0700]
>>> [localhost/sid#b85b0b18][rid#b8c2bba8][/index.html][9] Target value: ""
>>> [11/Apr/2011:12:15:40 --0700]
>>> [localhost/sid#b85b0b18][rid#b8c2bba8][/index.html][6] Ignoring regex
>>> captures since "capture" action is not enabled.
>>> [11/Apr/2011:12:15:40 --0700]
>>> [localhost/sid#b85b0b18][rid#b8c2bba8][/index.html][4] Operator completed
>>> in 17 usec.
>>> [11/Apr/2011:12:15:40 --0700]
>>> [localhost/sid#b85b0b18][rid#b8c2bba8][/index.html][9] Setting variable:
>>> ip.dos_counter=+1
>>> [11/Apr/2011:12:15:40 --0700]
>>> [localhost/sid#b85b0b18][rid#b8c2bba8][/index.html][3] Could not set
>>> variable "ip.dos_counter" as the collection does not exist.
>>> [11/Apr/2011:12:15:40 --0700]
>>> [localhost/sid#b85b0b18][rid#b8c2bba8][/index.html][2] Warning. Match of
>>> "rx \\.(jpe?g|png|gif|js|css|ico)$" against "REQUEST_BASENAME" required.
>>> [file
>>> "/etc/apache2/modsecurity-crs/base_rules/modsecurity_crs_11_dos_protection
>>> .conf"] [line "30"] [data "THRESHOLD= ; COUNTER="]
>>> [11/Apr/2011:12:15:40 --0700]
>>> [localhost/sid#b85b0b18][rid#b8c2bba8][/index.html][4] Rule returned 1.
>>> [11/Apr/2011:12:15:40 --0700]
>>> [localhost/sid#b85b0b18][rid#b8c2bba8][/index.html][9] Match -> mode
>>> NEXT_RULE.
>>> [11/Apr/2011:12:15:40 --0700]
>>> [localhost/sid#b85b0b18][rid#b8c2bba8][/index.html][4] Recipe: Invoking
>>> rule b7ba30f8; [file
>>> "/etc/apache2/modsecurity-crs/base_rules/modsecurity_crs_11_dos_protection
>>> .conf"] [line "37"].
>>> [11/Apr/2011:12:15:40 --0700]
>>> [localhost/sid#b85b0b18][rid#b8c2bba8][/index.html][5] Rule b7ba30f8:
>>> SecRule "IP:DOS_COUNTER" "@gt %{tx.dos_counter_threshold}"
>>> "phase:5,t:none,nolog,pass,t:none,setvar:ip.dos_burst_counter=+1,expirevar
>>> :ip.dos_burst_counter=%{tx.dos_burst_time_slice},setvar:!ip.dos_counter"
>>> [11/Apr/2011:12:15:40 --0700]
>>> [localhost/sid#b85b0b18][rid#b8c2bba8][/index.html][4] Rule returned 0.
>>> [11/Apr/2011:12:15:40 --0700]
>>> [localhost/sid#b85b0b18][rid#b8c2bba8][/index.html][9] No match, not
>>> chained -> mode NEXT_RULE.
>>> [11/Apr/2011:12:15:40 --0700]
>>> [localhost/sid#b85b0b18][rid#b8c2bba8][/index.html][4] Recipe: Invoking
>>> rule b7bca648; [file
>>> "/etc/apache2/modsecurity-crs/base_rules/modsecurity_crs_11_dos_protection
>>> .conf"] [line "44"].
>>> [11/Apr/2011:12:15:40 --0700]
>>> [localhost/sid#b85b0b18][rid#b8c2bba8][/index.html][5] Rule b7bca648:
>>> SecRule "IP:DOS_BURST_COUNTER" "@ge 1"
>>> "phase:5,t:none,log,pass,msg:'Potential Denial of Service (DoS) Attack
>>> from %{remote_addr} - # of Request Bursts:
>>> %{ip.dos_burst_counter}',setvar:ip.dos_block=1,expirevar:ip.dos_block=%{tx
>>> .dos_block_timeout}"
>>> [11/Apr/2011:12:15:40 --0700]
>>> [localhost/sid#b85b0b18][rid#b8c2bba8][/index.html][4] Rule returned 0.
>>> [11/Apr/2011:12:15:40 --0700]
>>> [localhost/sid#b85b0b18][rid#b8c2bba8][/index.html][9] No match, not
>>> chained -> mode NEXT_RULE.
>>> [11/Apr/2011:12:15:40 --0700]
>>> [localhost/sid#b85b0b18][rid#b8c2bba8][/index.html][4] Recipe: Invoking
>>> rule b85598c8; [file
>>> "/etc/apache2/modsecurity-crs/base_rules/modsecurity_crs_60_correlation.co
>>> nf"] [line "21"].
>>> [11/Apr/2011:12:15:40 --0700]
>>> [localhost/sid#b85b0b18][rid#b8c2bba8][/index.html][5] Rule b85598c8:
>>> SecRule "&TX:'/LEAKAGE\\\\/ERRORS/'" "@ge 1"
>>> "phase:5,chain,t:none,log,skipAfter:END_CORRELATION,severity:0,msg:'Correl
>>> ated Successful Attack Identified: (Total Score: %{tx.anomaly_score},
>>> SQLi=%{TX.SQL_INJECTION_SCORE}, XSS=%{TX.XSS_SCORE}) Inbound Attack
>>> (%{tx.inbound_tx_msg} - Inbound Anomaly Score:
>>> %{TX.INBOUND_ANOMALY_SCORE}) + Outbound Data Leakage (%{tx.msg} -
>>> Outbound Anomaly Score: %{TX.OUTBOUND_ANOMALY_SCORE})'"
>>> [11/Apr/2011:12:15:40 --0700]
>>> [localhost/sid#b85b0b18][rid#b8c2bba8][/index.html][4] Transformation
>>> completed in 1 usec.
>>> [11/Apr/2011:12:15:40 --0700]
>>> [localhost/sid#b85b0b18][rid#b8c2bba8][/index.html][4] Executing operator
>>> "ge" with param "1" against &TX:/LEAKAGE\/ERRORS/.
>>> [11/Apr/2011:12:15:40 --0700]
>>> [localhost/sid#b85b0b18][rid#b8c2bba8][/index.html][9] Target value: "0"
>>> [11/Apr/2011:12:15:40 --0700]
>>> [localhost/sid#b85b0b18][rid#b8c2bba8][/index.html][4] Operator completed
>>> in 2 usec.
>>> [11/Apr/2011:12:15:40 --0700]
>>> [localhost/sid#b85b0b18][rid#b8c2bba8][/index.html][4] Rule returned 0.
>>> [11/Apr/2011:12:15:40 --0700]
>>> [localhost/sid#b85b0b18][rid#b8c2bba8][/index.html][9] No match, chained
>>> -> mode NEXT_CHAIN.
>>> [11/Apr/2011:12:15:40 --0700]
>>> [localhost/sid#b85b0b18][rid#b8c2bba8][/index.html][4] Recipe: Invoking
>>> rule b8578910; [file
>>> "/etc/apache2/modsecurity-crs/base_rules/modsecurity_crs_60_correlation.co
>>> nf"] [line "28"].
>>> [11/Apr/2011:12:15:40 --0700]
>>> [localhost/sid#b85b0b18][rid#b8c2bba8][/index.html][5] Rule b8578910:
>>> SecRule "&TX:'/AVAILABILITY\\\\/APP_NOT_AVAIL/'" "@ge 1"
>>> "phase:5,chain,t:none,log,skipAfter:END_CORRELATION,severity:1,msg:'Correl
>>> ated Attack Attempt Identified: (Total Score: %{tx.anomaly_score},
>>> SQLi=%{TX.SQL_INJECTION_SCORE}, XSS=%{TX.XSS_SCORE}) Inbound Attack
>>> (%{tx.inbound_tx_msg} Inbound Anomaly Score: %{TX.INBOUND_ANOMALY_SCORE})
>>> + Outbound Application Error (%{tx.msg} - Outbound Anomaly Score:
>>> %{TX.OUTBOUND_ANOMALY_SCORE})'"
>>> [11/Apr/2011:12:15:40 --0700]
>>> [localhost/sid#b85b0b18][rid#b8c2bba8][/index.html][4] Transformation
>>> completed in 1 usec.
>>> [11/Apr/2011:12:15:40 --0700]
>>> [localhost/sid#b85b0b18][rid#b8c2bba8][/index.html][4] Executing operator
>>> "ge" with param "1" against &TX:/AVAILABILITY\/APP_NOT_AVAIL/.
>>> [11/Apr/2011:12:15:40 --0700]
>>> [localhost/sid#b85b0b18][rid#b8c2bba8][/index.html][9] Target value: "0"
>>> [11/Apr/2011:12:15:40 --0700]
>>> [localhost/sid#b85b0b18][rid#b8c2bba8][/index.html][4] Operator completed
>>> in 1 usec.
>>> [11/Apr/2011:12:15:40 --0700]
>>> [localhost/sid#b85b0b18][rid#b8c2bba8][/index.html][4] Rule returned 0.
>>> [11/Apr/2011:12:15:40 --0700]
>>> [localhost/sid#b85b0b18][rid#b8c2bba8][/index.html][9] No match, chained
>>> -> mode NEXT_CHAIN.
>>> [11/Apr/2011:12:15:40 --0700]
>>> [localhost/sid#b85b0b18][rid#b8c2bba8][/index.html][4] Recipe: Invoking
>>> rule b8574618; [file
>>> "/etc/apache2/modsecurity-crs/base_rules/modsecurity_crs_60_correlation.co
>>> nf"] [line "32"].
>>> [11/Apr/2011:12:15:40 --0700]
>>> [localhost/sid#b85b0b18][rid#b8c2bba8][/index.html][5] Rule b8574618:
>>> SecRule "TX:INBOUND_ANOMALY_SCORE" "@gt 0"
>>> "phase:5,chain,t:none,log,noauditlog,skipAfter:END_CORRELATION,msg:'Inboun
>>> d Anomaly Score (Total Inbound Score: %{TX.INBOUND_ANOMALY_SCORE},
>>> SQLi=%{TX.SQL_INJECTION_SCORE}, XSS=%{TX.XSS_SCORE}):
>>> %{tx.inbound_tx_msg}'"
>>> [11/Apr/2011:12:15:40 --0700]
>>> [localhost/sid#b85b0b18][rid#b8c2bba8][/index.html][4] Rule returned 0.
>>> [11/Apr/2011:12:15:40 --0700]
>>> [localhost/sid#b85b0b18][rid#b8c2bba8][/index.html][9] No match, chained
>>> -> mode NEXT_CHAIN.
>>> [11/Apr/2011:12:15:40 --0700]
>>> [localhost/sid#b85b0b18][rid#b8c2bba8][/index.html][4] Recipe: Invoking
>>> rule b8598b18; [file
>>> "/etc/apache2/modsecurity-crs/base_rules/modsecurity_crs_60_correlation.co
>>> nf"] [line "36"].
>>> [11/Apr/2011:12:15:40 --0700]
>>> [localhost/sid#b85b0b18][rid#b8c2bba8][/index.html][5] Rule b8598b18:
>>> SecRule "TX:INBOUND_ANOMALY_SCORE" "@ge
>>> %{tx.inbound_anomaly_score_level}"
>>> "phase:5,t:none,log,noauditlog,pass,msg:'Inbound Anomaly Score Exceeded
>>> (Total Inbound Score: %{TX.INBOUND_ANOMALY_SCORE},
>>> SQLi=%{TX.SQL_INJECTION_SCORE}, XSS=%{TX.XSS_SCORE}):
>>> %{tx.inbound_tx_msg}'"
>>> [11/Apr/2011:12:15:40 --0700]
>>> [localhost/sid#b85b0b18][rid#b8c2bba8][/index.html][4] Rule returned 0.
>>> [11/Apr/2011:12:15:40 --0700]
>>> [localhost/sid#b85b0b18][rid#b8c2bba8][/index.html][9] No match, not
>>> chained -> mode NEXT_RULE.
>>> [11/Apr/2011:12:15:40 --0700]
>>> [localhost/sid#b85b0b18][rid#b8c2bba8][/index.html][4] Recipe: Invoking
>>> rule b8585558; [file
>>> "/etc/apache2/modsecurity-crs/base_rules/modsecurity_crs_60_correlation.co
>>> nf"] [line "39"].
>>> [11/Apr/2011:12:15:40 --0700]
>>> [localhost/sid#b85b0b18][rid#b8c2bba8][/index.html][5] Rule b8585558:
>>> SecRule "TX:OUTBOUND_ANOMALY_SCORE" "@ge
>>> %{tx.outbound_anomaly_score_level}"
>>> "phase:5,t:none,log,noauditlog,pass,msg:'Outbound Anomaly Score Exceeded
>>> (score %{TX.OUTBOUND_ANOMALY_SCORE}): %{tx.msg}'"
>>> [11/Apr/2011:12:15:40 --0700]
>>> [localhost/sid#b85b0b18][rid#b8c2bba8][/index.html][4] Rule returned 0.
>>> [11/Apr/2011:12:15:40 --0700]
>>> [localhost/sid#b85b0b18][rid#b8c2bba8][/index.html][9] No match, not
>>> chained -> mode NEXT_RULE.
>>> [11/Apr/2011:12:15:40 --0700]
>>> [localhost/sid#b85b0b18][rid#b8c2bba8][/index.html][4] Audit log: Not
>>> configured to run for this request.
>>>
>>> --------------------------------------------------------------------------
>>> ----
>>> Forrester Wave Report - Recovery time is now measured in hours and minutes
>>> not days. Key insights are discussed in the 2010 Forrester Wave Report as
>>> part of an in-depth evaluation of disaster recovery service providers.
>>> Forrester found the best-in-class provider in terms of services and
>>> vision.
>>> Read this report now! http://p.sf.net/sfu/ibm-webcastpromo
>>> _______________________________________________
>>> mod-security-developers mailing list
>>> mod...@li...
>>> https://lists.sourceforge.net/lists/listinfo/mod-security-developers
>>> ModSecurity Services from Trustwave's SpiderLabs:
>>> https://www.trustwave.com/spiderLabs.php
>>>
>>
>> This transmission may contain information that is privileged, confidential,
>> and/or exempt from disclosure under applicable law.
>> If you are not the intended
>> recipient, you are hereby notified that any disclosure, copying, distribution,
>> or use of the information contained herein (including any reliance thereon) is
>> STRICTLY PROHIBITED. If you received this transmission in error, please
>> immediately contact the sender and destroy the material in its entirety, whether
>> in electronic or hard copy format.
>>
> <modsecurity_crs_10_config.conf>
> <modsecurity_crs_11_dos_protection.conf>
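
Added example, not part of the original thread or of ModSecurity itself: a Python triage over debug-log lines in the format quoted above. It flags transactions where the request hooks report "Processing disabled" while the LOGGING phase still runs, the symptom this thread traced to the SecRuleEngine setting. The function names, verdict strings and the second transaction (rid c0ffee01, with an assumed phase name) are constructed for the example.

```python
import re
from collections import defaultdict

# Debug-log line layout as quoted in the thread:
# [timestamp] [host/sid#..][rid#..][uri][level] message
LINE_RE = re.compile(
    r"^\[[^\]]+\] \[[^/\]]+/sid#\w+\]\[rid#(?P<rid>\w+)\]"
    r"\[[^\]]*\]\[(?P<level>\d)\] (?P<msg>.*)$"
)
# Message patterns taken from the quoted log.
PATTERNS = {
    "skipped_hooks": re.compile(r"Processing disabled, skipping \(hook (\w+)\)"),
    "phases_run": re.compile(r"Starting phase (\w+)\."),
    "missing_collections": re.compile(
        r'Could not set variable "(\w+)\.\w+" as the collection does not exist'
    ),
}

PREFIX = "[11/Apr/2011:12:15:40 --0700] [localhost/sid#b85b0b18]"
SAMPLE_LOG = "\n".join(PREFIX + rest for rest in [
    # rid b8c2bba8: entries unwrapped from the log quoted in the thread.
    "[rid#b8c2bba8][/][4] Initialising transaction (txid TaNTXH8AAAEAAFC-AdsAAABJ).",
    "[rid#b8c2bba8][/][4] Processing disabled, skipping (hook request_early).",
    "[rid#b8c2bba8][/][4] Processing disabled, skipping (hook request_late).",
    "[rid#b8c2bba8][/index.html][4] Starting phase LOGGING.",
    '[rid#b8c2bba8][/index.html][3] Could not set variable "ip.dos_counter" '
    "as the collection does not exist.",
    # rid c0ffee01: constructed contrast case (hypothetical rid, assumed phase name).
    "[rid#c0ffee01][/][4] Starting phase REQUEST_HEADERS.",
    "[rid#c0ffee01][/][4] Starting phase LOGGING.",
])


def triage(log_text):
    """Collect per-request (rid) findings from debug-log text."""
    txs = defaultdict(lambda: {key: [] for key in PATTERNS})
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m is None:
            continue  # wrapped or foreign line: skip rather than guess
        tx = txs[m.group("rid")]
        for key, regex in PATTERNS.items():
            hit = regex.search(m.group("msg"))
            if hit and hit.group(1) not in tx[key]:
                tx[key].append(hit.group(1))
    return dict(txs)


def diagnose(tx):
    """Map one transaction's findings to a short verdict."""
    if tx["skipped_hooks"]:
        # Request hooks bailed out, so the phase:1 SecAction lines (setvar,
        # initcol) never ran; missing collections are a consequence.
        return "engine-disabled"
    if tx["missing_collections"]:
        return "collection-not-initialised"
    return "ok"


if __name__ == "__main__":
    for rid, tx in triage(SAMPLE_LOG).items():
        print(rid, diagnose(tx), tx)
```

Log entries wrapped across lines, as in the e-mail above, have to be rejoined into one entry per line before they are passed to `triage`.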