|
From: Oleg G. <ole...@ya...> - 2011-04-12 16:33:37
|
I've tried the suggested default and got error below. I've also checked mod-security docs and didn't find the option in question (they have SecResponseBodyLimitAction only) Error: Invalid command 'SecRequestBodyLimitAction', perhaps misspelled or defined by a module not included in the server configuration ----- Original Message ---- > From: Ryan Barnett <RBa...@tr...> > To: Oleg Gryb <ol...@gr...> > Cc: Oleg Gryb <ol...@gr...>; "mod...@li..." ><mod...@li...> > Sent: Mon, April 11, 2011 6:13:18 PM > Subject: Re: [Mod-security-developers] CRS 2.1.2 only phase:5 is shown in the >log > > You should have a separate file that handles your main config settings - >http://sourceforge.net/apps/mediawiki/mod-security/index.php?title=Reference_Manual#A_Recommended_Base_Configuration >n > > These are settings that you maintain for your local site. These should not be >included within 3rd party rules such as the CRS. > > Ryan > > On Apr 11, 2011, at 9:07 PM, "Oleg Gryb" ><ole...@ya...<mailto:ole...@ya...>> wrote: > > It helped, now I see other rules working. > My SecRuleEngine setting was commented out (). It means that default behavior >is "Off", right? > > Probably it's better to have it as DetectionOnly by default. > > Thanks for your help, > Oleg. > > From: Breno Silva <bre...@gm...<mailto:bre...@gm...>> > To: <mailto:mod...@li...> >mod...@li...<mailto:mod...@li...> > > Cc: Ryan Barnett <RBa...@tr...<mailto:RBa...@tr...>>; Oleg >Gryb <ol...@gr...<mailto:ol...@gr...>> > Sent: Mon, April 11, 2011 5:57:52 PM > Subject: Re: [Mod-security-developers] CRS 2.1.2 only phase:5 is shown in the >log > > Oleg, > > I think your SecRuleEngine is set as Off. > > Please set it to SecRuleEngine DetectionOnly or SecRuleEngine On > > Thanks > > Breno > > On Mon, Apr 11, 2011 at 7:20 PM, Ryan Barnett ><<mailto:RBa...@tr...>RBa...@tr...<mailto:RBa...@tr...>> > wrote: > Can you also send your other main config file? > > On Apr 11, 2011, at 6:55 PM, "Oleg Gryb" ><<mailto:ole...@ya...>ole...@ya...<mailto:ole...@ya...>> >wrote: > > > Ryan, > > Thank you for the quick response. Here is the information that you've >requested: > > > > Apache/2.2.17 (Debian) > > modsecurity-apache_2.5.13 > > > > > > The *.conf files are attached as well. I'll try CRS 2.1.3 and let you know >if it > > works. > > > > Please let me know if you have a fix, > > Oleg. > > > > > > > > > > > > > > ----- Original Message ---- > >> From: Ryan Barnett ><<mailto:RBa...@tr...>RBa...@tr...<mailto:RBa...@tr...>> > > >> To: "<mailto:ol...@gr...>ol...@gr...<mailto:ol...@gr...>" ><<mailto:ol...@gr...>ol...@gr...<mailto:ol...@gr...>>; > >> >"<mailto:mod...@li...>mod...@li...<mailto:mod...@li...>" > > >> ><<mailto:mod...@li...>mod...@li...<mailto:mod...@li...>> > > >> Sent: Mon, April 11, 2011 3:28:38 PM > >> Subject: Re: [Mod-security-developers] CRS 2.1.2 only phase:5 is shown in >the > >> log > >> > >> Oleg, > >> > >> What Apache and ModSecurity versions are you using? > >> > >> Can you try and sync from SVN and try the 2.1.3 version of CRS? > >> > >> This does look add as it is essentially skipping phases 1-4 and then > >> picking up rules in phase:5. Can you send your > >> modsecurity_crs_10_config.conf file? > >> > >> -Ryan > >> > >> On 4/11/11 5:59 PM, "Oleg Gryb" ><<mailto:ole...@ya...>ole...@ya...<mailto:ole...@ya...>> >wrote: > >> > >>> I'm trying to make dos_protection working in CRS 2.1.2 and it seems to me > >>> that something is grossly wrong with this version. It looks like the only > >>> rules that are executed are the ones in "phase:5", everything else is > >>> completely ignored. > >>> > >>> I have debug level set to 9 and only rules that are shown in the log file > >>> are those that in phase 5 (see below). Please let me know what is wrong. > >>> > >>> The collections and variables that are set in > >>> modsecurity_crs_10_config.conf are not defined (e.g. IP collection and > >>> dos_counter_threshold variable) > >>> > >>> This is from modsecurity_crs_10_config.con: > >>> ------------------------------------------- > >>> SecAction "phase:1,t:none,nolog,pass, \ > >>> setvar:'tx.dos_burst_time_slice=60', \ > >>> setvar:'tx.dos_counter_threshold=1', \ > >>> setvar:'tx.dos_block_timeout=600'" > >>> ... > >>> SecAction > >>> "phase:1,t:none,pass,nolog,initcol:global=global,initcol:ip=%{remote_addr} > >>> _%{tx.ua_hash}" > >>> ... > >>> > >>> This is from log file: > >>> --------------------- > >>> [11/Apr/2011:12:15:40 --0700] > >>> [localhost/sid#b85b0b18][rid#b8c2bba8][/][4] Initialising transaction > >>> (txid TaNTXH8AAAEAAFC-AdsAAABJ). > >>> [11/Apr/2011:12:15:40 --0700] > >>> [localhost/sid#b85b0b18][rid#b8c2bba8][/][4] Transaction context created > >>> (dcfg b78714e0). > >>> [11/Apr/2011:12:15:40 --0700] > >>> [localhost/sid#b85b0b18][rid#b8c2bba8][/][4] Processing disabled, > >>> skipping (hook request_early). > >>> [11/Apr/2011:12:15:40 --0700] > >>> [localhost/sid#b85b0b18][rid#b8c2bba8][/][4] PdfProtect: Not enabled >here. > >>> [11/Apr/2011:12:15:40 --0700] > >>> [localhost/sid#b85b0b18][rid#b8c2bba8][/][4] Processing disabled, > >>> skipping (hook request_late). > >>> [11/Apr/2011:12:15:40 --0700] > >>> [localhost/sid#b85b0b18][rid#b8c2bba8][/index.html][4] Hook > >>> insert_filter: Adding PDF XSS protection output filter (r b8c2bba8). > >>> [11/Apr/2011:12:15:40 --0700] > >>> [localhost/sid#b85b0b18][rid#b8c2bba8][/index.html][4] Hook > >>> insert_filter: Processing disabled, skipping. > >>> [11/Apr/2011:12:15:40 --0700] > >>> [localhost/sid#b85b0b18][rid#b8c2bba8][/index.html][4] Initialising > >>> logging. > >>> [11/Apr/2011:12:15:40 --0700] > >>> [localhost/sid#b85b0b18][rid#b8c2bba8][/index.html][4] Starting phase > >>> LOGGING. > >>> [11/Apr/2011:12:15:40 --0700] > >>> [localhost/sid#b85b0b18][rid#b8c2bba8][/index.html][9] This phase > >>> consists of 36 rule(s). > >>> [11/Apr/2011:12:15:40 --0700] > >>> [localhost/sid#b85b0b18][rid#b8c2bba8][/index.html][4] Recipe: Invoking > >>> rule b7ba1cb0; [file > >>> "/etc/apache2/modsecurity-crs/base_rules/modsecurity_crs_11_dos_protection > >>> .conf"] [line "24"]. > >>> [11/Apr/2011:12:15:40 --0700] > >>> [localhost/sid#b85b0b18][rid#b8c2bba8][/index.html][5] Rule b7ba1cb0: > >>> SecRule "IP:DOS_BLOCK" "@eq 1" > >>> "phase:5,t:none,nolog,skipAfter:END_DOS_PROTECTION_CHECKS" > >>> [11/Apr/2011:12:15:40 --0700] > >>> [localhost/sid#b85b0b18][rid#b8c2bba8][/index.html][4] Rule returned 0. > >>> [11/Apr/2011:12:15:40 --0700] > >>> [localhost/sid#b85b0b18][rid#b8c2bba8][/index.html][9] No match, not > >>> chained -> mode NEXT_RULE. > >>> [11/Apr/2011:12:15:40 --0700] > >>> [localhost/sid#b85b0b18][rid#b8c2bba8][/index.html][4] Recipe: Invoking > >>> rule b7ba2438; [file > >>> "/etc/apache2/modsecurity-crs/base_rules/modsecurity_crs_11_dos_protection > >>> .conf"] [line "30"]. > >>> [11/Apr/2011:12:15:40 --0700] > >>> [localhost/sid#b85b0b18][rid#b8c2bba8][/index.html][5] Rule b7ba2438: > >>> SecRule "REQUEST_BASENAME" "!@rx \\.(jpe?g|png|gif|js|css|ico)$" > >>> "phase:5,t:none,log,pass,setvar:ip.dos_counter=+1,logdata:'THRESHOLD= > >>> %{tx.dos_counter_threshold}; COUNTER=%{ip.dos_counter}'" > >>> [11/Apr/2011:12:15:40 --0700] > >>> [localhost/sid#b85b0b18][rid#b8c2bba8][/index.html][4] Transformation > >>> completed in 1 usec. > >>> [11/Apr/2011:12:15:40 --0700] > >>> [localhost/sid#b85b0b18][rid#b8c2bba8][/index.html][4] Executing >operator > >>> "!rx" with param "\\.(jpe?g|png|gif|js|css|ico)$" against > >>> REQUEST_BASENAME. > >>> [11/Apr/2011:12:15:40 --0700] > >>> [localhost/sid#b85b0b18][rid#b8c2bba8][/index.html][9] Target value: "" > >>> [11/Apr/2011:12:15:40 --0700] > >>> [localhost/sid#b85b0b18][rid#b8c2bba8][/index.html][6] Ignoring regex > >>> captures since "capture" action is not enabled. > >>> [11/Apr/2011:12:15:40 --0700] > >>> [localhost/sid#b85b0b18][rid#b8c2bba8][/index.html][4] Operator >completed > >>> in 17 usec. > >>> [11/Apr/2011:12:15:40 --0700] > >>> [localhost/sid#b85b0b18][rid#b8c2bba8][/index.html][9] Setting variable: > >>> ip.dos_counter=+1 > >>> [11/Apr/2011:12:15:40 --0700] > >>> [localhost/sid#b85b0b18][rid#b8c2bba8][/index.html][3] Could not set > >>> variable "ip.dos_counter" as the collection does not exist. > >>> [11/Apr/2011:12:15:40 --0700] > >>> [localhost/sid#b85b0b18][rid#b8c2bba8][/index.html][2] Warning. Match of > >>> "rx \\.(jpe?g|png|gif|js|css|ico)$" against "REQUEST_BASENAME" required. > >>> [file > >>> "/etc/apache2/modsecurity-crs/base_rules/modsecurity_crs_11_dos_protection > >>> .conf"] [line "30"] [data "THRESHOLD= ; COUNTER="] > >>> [11/Apr/2011:12:15:40 --0700] > >>> [localhost/sid#b85b0b18][rid#b8c2bba8][/index.html][4] Rule returned 1. > >>> [11/Apr/2011:12:15:40 --0700] > >>> [localhost/sid#b85b0b18][rid#b8c2bba8][/index.html][9] Match -> mode > >>> NEXT_RULE. > >>> [11/Apr/2011:12:15:40 --0700] > >>> [localhost/sid#b85b0b18][rid#b8c2bba8][/index.html][4] Recipe: Invoking > >>> rule b7ba30f8; [file > >>> "/etc/apache2/modsecurity-crs/base_rules/modsecurity_crs_11_dos_protection > >>> .conf"] [line "37"]. > >>> [11/Apr/2011:12:15:40 --0700] > >>> [localhost/sid#b85b0b18][rid#b8c2bba8][/index.html][5] Rule b7ba30f8: > >>> SecRule "IP:DOS_COUNTER" "@gt %{tx.dos_counter_threshold}" > >>> "phase:5,t:none,nolog,pass,t:none,setvar:ip.dos_burst_counter=+1,expirevar > >>> :ip.dos_burst_counter=%{tx.dos_burst_time_slice},setvar:!ip.dos_counter" > >>> ; [11/Apr/2011:12:15:40 --0700] > >>> [localhost/sid#b85b0b18][rid#b8c2bba8][/index.html][4] Rule returned 0. > >>> [11/Apr/2011:12:15:40 --0700] > >>> [localhost/sid#b85b0b18][rid#b8c2bba8][/index.html][9] No match, not > >>> chained -> mode NEXT_RULE. > >>> [11/Apr/2011:12:15:40 --0700] > >>> [localhost/sid#b85b0b18][rid#b8c2bba8][/index.html][4] Recipe: Invoking > >>> rule b7bca648; [file > >>> "/etc/apache2/modsecurity-crs/base_rules/modsecurity_crs_11_dos_protection > >>> .conf"] [line "44"]. > >>> [11/Apr/2011:12:15:40 --0700] > >>> [localhost/sid#b85b0b18][rid#b8c2bba8][/index.html][5] Rule b7bca648: > >>> SecRule "IP:DOS_BURST_COUNTER" "@ge 1" > >>> "phase:5,t:none,log,pass,msg:'Potential Denial of Service (DoS) Attack > >>> from %{remote_addr} - # of Request Bursts: > >>> %{ip.dos_burst_counter}',setvar:ip.dos_block=1,expirevar:ip.dos_block=%{tx > >>> .dos_block_timeout}" > >>> [11/Apr/2011:12:15:40 --0700] > >>> [localhost/sid#b85b0b18][rid#b8c2bba8][/index.html][4] Rule returned 0. > >>> [11/Apr/2011:12:15:40 --0700] > >>> [localhost/sid#b85b0b18][rid#b8c2bba8][/index.html][9] No match, not > >>> chained -> mode NEXT_RULE. > >>> [11/Apr/2011:12:15:40 --0700] > >>> [localhost/sid#b85b0b18][rid#b8c2bba8][/index.html][4] Recipe: Invoking > >>> rule b85598c8; [file > >>> >"/etc/apache2/modsecurity-crs/base_rules/modsecurity_crs_60_correlation.co<http://modsecurity_crs_60_correlation.co> > > >>> nf"] [line "21"]. > >>> [11/Apr/2011:12:15:40 --0700] > >>> [localhost/sid#b85b0b18][rid#b8c2bba8][/index.html][5] Rule b85598c8: > >>> SecRule "&TX:'/LEAKAGE\\\\/ERRORS/'" "@ge 1" > >>> "phase:5,chain,t:none,log,skipAfter:END_CORRELATION,severity:0,msg:'Correl > >>> ated Successful Attack Identified: (Total Score: %{tx.anomaly_score}, > >>> SQLi=%{TX.SQL_INJECTION_SCORE}, XSS=%{TX.XSS_SCORE}) Inbound Attack > >>> (%{tx.inbound_tx_msg} - Inbound Anomaly Score: > >>> %{TX.INBOUND_ANOMALY_SCORE}) + Outbound Data Leakage (%{tx.msg} - > >>> Outbound Anomaly Score: %{TX.OUTBOUND_ANOMALY_SCORE})'" > >>> [11/Apr/2011:12:15:40 --0700] > >>> [localhost/sid#b85b0b18][rid#b8c2bba8][/index.html][4] Transformation > >>> completed in 1 usec. > >>> [11/Apr/2011:12:15:40 --0700] > >>> [localhost/sid#b85b0b18][rid#b8c2bba8][/index.html][4] Executing >operator > >>> "ge" with param "1" against &TX:/LEAKAGE\/ERRORS/. > >>> [11/Apr/2011:12:15:40 --0700] > >>> [localhost/sid#b85b0b18][rid#b8c2bba8][/index.html][9] Target value: "0" > >>> [11/Apr/2011:12:15:40 --0700] > >>> [localhost/sid#b85b0b18][rid#b8c2bba8][/index.html][4] Operator completed > >>> in 2 usec. > >>> [11/Apr/2011:12:15:40 --0700] > >>> [localhost/sid#b85b0b18][rid#b8c2bba8][/index.html][4] Rule returned 0. > >>> [11/Apr/2011:12:15:40 --0700] > >>> [localhost/sid#b85b0b18][rid#b8c2bba8][/index.html][9] No match, chained > >>> -> mode NEXT_CHAIN. > >>> [11/Apr/2011:12:15:40 --0700] > >>> [localhost/sid#b85b0b18][rid#b8c2bba8][/index.html][4] Recipe: Invoking > >>> rule b8578910; [file > >>> >"/etc/apache2/modsecurity-crs/base_rules/modsecurity_crs_60_correlation.co<http://modsecurity_crs_60_correlation.co> > > >>> nf"] [line "28"]. > >>> [11/Apr/2011:12:15:40 --0700] > >>> [localhost/sid#b85b0b18][rid#b8c2bba8][/index.html][5] Rule b8578910: > >>> SecRule "&TX:'/AVAILABILITY\\\\/APP_NOT_AVAIL/'" "@ge 1" > >>> "phase:5,chain,t:none,log,skipAfter:END_CORRELATION,severity:1,msg:'Correl > >>> ated Attack Attempt Identified: (Total Score: %{tx.anomaly_score}, > >>> SQLi=%{TX.SQL_INJECTION_SCORE}, XSS=%{TX.XSS_SCORE}) Inbound Attack > >>> (%{tx.inbound_tx_msg} Inbound Anomaly Score: %{TX.INBOUND_ANOMALY_SCORE}) > >>> + Outbound Application Error (%{tx.msg} - Outbound Anomaly Score: > >>> %{TX.OUTBOUND_ANOMALY_SCORE})'" > >>> [11/Apr/2011:12:15:40 --0700] > >>> [localhost/sid#b85b0b18][rid#b8c2bba8][/index.html][4] Transformation > >>> completed in 1 usec. > >>> [11/Apr/2011:12:15:40 --0700] > >>> [localhost/sid#b85b0b18][rid#b8c2bba8][/index.html][4] Executing >operator > >>> "ge" with param "1" against &TX:/AVAILABILITY\/APP_NOT_AVAIL/. > >>> [11/Apr/2011:12:15:40 --0700] > >>> [localhost/sid#b85b0b18][rid#b8c2bba8][/index.html][9] Target value: "0" > >>> [11/Apr/2011:12:15:40 --0700] > >>> [localhost/sid#b85b0b18][rid#b8c2bba8][/index.html][4] Operator >completed > >>> in 1 usec. > >>> [11/Apr/2011:12:15:40 --0700] > >>> [localhost/sid#b85b0b18][rid#b8c2bba8][/index.html][4] Rule returned 0. > >>> [11/Apr/2011:12:15:40 --0700] > >>> [localhost/sid#b85b0b18][rid#b8c2bba8][/index.html][9] No match, chained > >>> -> mode NEXT_CHAIN. > >>> [11/Apr/2011:12:15:40 --0700] > >>> [localhost/sid#b85b0b18][rid#b8c2bba8][/index.html][4] Recipe: Invoking > >>> rule b8574618; [file > >>> >"/etc/apache2/modsecurity-crs/base_rules/modsecurity_crs_60_correlation.co<http://modsecurity_crs_60_correlation.co> > > >>> nf"] [line "32"]. > >>> [11/Apr/2011:12:15:40 --0700] > >>> [localhost/sid#b85b0b18][rid#b8c2bba8][/index.html][5] Rule b8574618: > >>> SecRule "TX:INBOUND_ANOMALY_SCORE" "@gt 0" > >>> "phase:5,chain,t:none,log,noauditlog,skipAfter:END_CORRELATION,msg:'Inboun > >>> d Anomaly Score (Total Inbound Score: %{TX.INBOUND_ANOMALY_SCORE}, > >>> SQLi=%{TX.SQL_INJECTION_SCORE}, XSS=%{TX.XSS_SCORE}): > >>> %{tx.inbound_tx_msg}'" > >>> [11/Apr/2011:12:15:40 --0700] > >>> [localhost/sid#b85b0b18][rid#b8c2bba8][/index.html][4] Rule returned 0. > >>> [11/Apr/2011:12:15:40 --0700] > >>> [localhost/sid#b85b0b18][rid#b8c2bba8][/index.html][9] No match, chained > >>> -> mode NEXT_CHAIN. > >>> [11/Apr/2011:12:15:40 --0700] > >>> [localhost/sid#b85b0b18][rid#b8c2bba8][/index.html][4] Recipe: Invoking > >>> rule b8598b18; [file > >>> >"/etc/apache2/modsecurity-crs/base_rules/modsecurity_crs_60_correlation.co<http://modsecurity_crs_60_correlation.co> > > >>> nf"] [line "36"]. > >>> [11/Apr/2011:12:15:40 --0700] > >>> [localhost/sid#b85b0b18][rid#b8c2bba8][/index.html][5] Rule b8598b18: > >>> SecRule "TX:INBOUND_ANOMALY_SCORE" "@ge > >>> %{tx.inbound_anomaly_score_level}" > >>> "phase:5,t:none,log,noauditlog,pass,msg:'Inbound Anomaly Score Exceeded > >>> (Total Inbound Score: %{TX.INBOUND_ANOMALY_SCORE}, > >>> SQLi=%{TX.SQL_INJECTION_SCORE}, XSS=%{TX.XSS_SCORE}): > >>> %{tx.inbound_tx_msg}'" > >>> [11/Apr/2011:12:15:40 --0700] > >>> [localhost/sid#b85b0b18][rid#b8c2bba8][/index.html][4] Rule returned 0. > >>> [11/Apr/2011:12:15:40 --0700] > >>> [localhost/sid#b85b0b18][rid#b8c2bba8][/index.html][9] No match, not > >>> chained -> mode NEXT_RULE. > >>> [11/Apr/2011:12:15:40 --0700] > >>> [localhost/sid#b85b0b18][rid#b8c2bba8][/index.html][4] Recipe: Invoking > >>> rule b8585558; [file > >>> >"/etc/apache2/modsecurity-crs/base_rules/modsecurity_crs_60_correlation.co<http://modsecurity_crs_60_correlation.co> > > >>> nf"] [line "39"]. > >>> [11/Apr/2011:12:15:40 --0700] > >>> [localhost/sid#b85b0b18][rid#b8c2bba8][/index.html][5] Rule b8585558: > >>> SecRule "TX:OUTBOUND_ANOMALY_SCORE" "@ge > >>> %{tx.outbound_anomaly_score_level}" > >>> "phase:5,t:none,log,noauditlog,pass,msg:'Outbound Anomaly Score Exceeded > >>> (score %{TX.OUTBOUND_ANOMALY_SCORE}): %{tx.msg}'" > >>> [11/Apr/2011:12:15:40 --0700] > >>> [localhost/sid#b85b0b18][rid#b8c2bba8][/index.html][4] Rule returned 0. > >>> [11/Apr/2011:12:15:40 --0700] > >>> [localhost/sid#b85b0b18][rid#b8c2bba8][/index.html][9] No match, not > >>> chained -> mode NEXT_RULE. > >>> [11/Apr/2011:12:15:40 --0700] > >>> [localhost/sid#b85b0b18][rid#b8c2bba8][/index.html][4] Audit log: Not > >>> configured to run for this request. > >>> > >>> > >>> > >>> -------------------------------------------------------------------------- > >>> ---- > >>> Forrester Wave Report - Recovery time is now measured in hours and >minutes > >>> not days. Key insights are discussed in the 2010 Forrester Wave Report >as > >>> part of an in-depth evaluation of disaster recovery service providers. > >>> Forrester found the best-in-class provider in terms of services and > >>> vision. > >>> Read this report now! <http://p.sf.net/sfu/ibm-webcastpromo> >http://p.sf.net/sfu/ibm-webcastpromo > >>> _______________________________________________ > >>> mod-security-developers mailing list > >>> <mailto:mod...@li...> >mod...@li...<mailto:mod...@li...> > > >>> <https://lists.sourceforge.net/lists/listinfo/mod-security-developers> >https://lists.sourceforge.net/lists/listinfo/mod-security-developers > >>> ModSecurity Services from Trustave's SpiderLabs: > >>> <https://www.trustwave.com/spiderLabs.php> >https://www.trustwave.com/spiderLabs.php > >>> > >> > >> > >> This transmission may contain information that is privileged, >confidential, > >> and/or exempt from disclosure under applicable law. If you are not the >intended > >> recipient, you are hereby notified that any disclosure, copying, >distribution, > >> or use of the information contained herein (including any reliance thereon) >is > >> STRICTLY PROHIBITED. If you received this transmission in error, please > >> immediately contact the sender and destroy the material in its entirety, >whether > >> in electronic or hard copy format. > >> > >> > >> >------------------------------------------------------------------------------ > >> Forrester Wave Report - Recovery time is now measured in hours and >minutes > >> not days. Key insights are discussed in the 2010 Forrester Wave Report as > >> part of an in-depth evaluation of disaster recovery service providers. > >> Forrester found the best-in-class provider in terms of services and >vision. > >> Read this report now! <http://p.sf.net/sfu/ibm-webcastpromo> >http://p.sf.net/sfu/ibm-webcastpromo > >> _______________________________________________ > >> mod-security-developers mailing list > >> <mailto:mod...@li...> >mod...@li...<mailto:mod...@li...> > > >> <https://lists.sourceforge.net/lists/listinfo/mod-security-developers> >https://lists.sourceforge.net/lists/listinfo/mod-security-developers > >> ModSecurity Services from Trustave's SpiderLabs: > >> <https://www.trustwave.com/spiderLabs.php> >https://www.trustwave.com/spiderLabs.php > >> > > <modsecurity_crs_10_config.conf> > > <modsecurity_crs_11_dos_protection.conf> > > >------------------------------------------------------------------------------ > > Forrester Wave Report - Recovery time is now measured in hours and minutes > > not days. Key insights are discussed in the 2010 Forrester Wave Report as > > part of an in-depth evaluation of disaster recovery service providers. > > Forrester found the best-in-class provider in terms of services and vision. > > Read this report now! <http://p.sf.net/sfu/ibm-webcastpromo> >http://p.sf.net/sfu/ibm-webcastpromo > > _______________________________________________ > > mod-security-developers mailing list > > <mailto:mod...@li...> >mod...@li...<mailto:mod...@li...> > > > <https://lists.sourceforge.net/lists/listinfo/mod-security-developers> >https://lists.sourceforge.net/lists/listinfo/mod-security-developers > > ModSecurity Services from Trustave's SpiderLabs: > > <https://www.trustwave.com/spiderLabs.php> >https://www.trustwave.com/spiderLabs.php > > This transmission may contain information that is privileged, confidential, >and/or exempt from disclosure under applicable law. If you are not the intended >recipient, you are hereby notified that any disclosure, copying, distribution, >or use of the information contained herein (including any reliance thereon) is >STRICTLY PROHIBITED. If you received this transmission in error, please >immediately contact the sender and destroy the material in its entirety, >whether in electronic or hard copy format. > > > ------------------------------------------------------------------------------ > Forrester Wave Report - Recovery time is now measured in hours and minutes > not days. Key insights are discussed in the 2010 Forrester Wave Report as > part of an in-depth evaluation of disaster recovery service providers. > Forrester found the best-in-class provider in terms of services and vision. > Read this report now! <http://p.sf.net/sfu/ibm-webcastpromo> >http://p.sf.net/sfu/ibm-webcastpromo > _______________________________________________ > mod-security-developers mailing list ><mailto:mod...@li...>mod...@li...<mailto:mod...@li...> >> ><https://lists.sourceforge.net/lists/listinfo/mod-security-developers>https://lists.sourceforge.net/lists/listinfo/mod-security-developers >s > ModSecurity Services from Trustave's SpiderLabs: ><https://www.trustwave.com/spiderLabs.php>https://www.trustwave.com/spiderLabs.php >p > > > ________________________________ > This transmission may contain information that is privileged, confidential, >and/or exempt from disclosure under applicable law. If you are not the intended >recipient, you are hereby notified that any disclosure, copying, distribution, >or use of the information contained herein (including any reliance thereon) is >STRICTLY PROHIBITED. If you received this transmission in error, please >immediately contact the sender and destroy the material in its entirety, whether >in electronic or hard copy format. > ------------------------------------------------------------------------------ > Forrester Wave Report - Recovery time is now measured in hours and minutes > not days. Key insights are discussed in the 2010 Forrester Wave Report as > part of an in-depth evaluation of disaster recovery service providers. > Forrester found the best-in-class provider in terms of services and vision. > Read this report now! http://p.sf.net/sfu/ibm-webcastpromo > _______________________________________________ > mod-security-developers mailing list > mod...@li... > https://lists.sourceforge.net/lists/listinfo/mod-security-developers > ModSecurity Services from Trustave's SpiderLabs: > https://www.trustwave.com/spiderLabs.php > |
