On 4/12/11 12:33 PM, "Oleg Gryb" <ole...@ya...> wrote:
>I've tried the suggested default and got error below. I've also checked
>mod-security docs and didn't find the option in question (they have
>SecResponseBodyLimitAction only)
>
>Error:
>Invalid command 'SecRequestBodyLimitAction', perhaps misspelled or defined by a
>module not included in the server configuration
See the reference manual -
https://sourceforge.net/apps/mediawiki/mod-security/index.php?title=Reference_Manual#SecRequestBodyLimitAction
This is only available in v2.6.0 which is still in trunk.
We are working on the new Recommended Base Config as we will be bundling
it with v2.6 when it is released.
-Ryan
>
>----- Original Message ----
>> From: Ryan Barnett <RBa...@tr...>
>> To: Oleg Gryb <ol...@gr...>
>> Cc: Oleg Gryb <ol...@gr...>; "mod...@li..." <mod...@li...>
>> Sent: Mon, April 11, 2011 6:13:18 PM
>> Subject: Re: [Mod-security-developers] CRS 2.1.2 only phase:5 is shown in the log
>>
>> You should have a separate file that handles your main config settings -
>> http://sourceforge.net/apps/mediawiki/mod-security/index.php?title=Reference_Manual#A_Recommended_Base_Configuration
>>
>> These are settings that you maintain for your local site. These should not be
>> included within 3rd party rules such as the CRS.
>>
>> Ryan
>>
>> On Apr 11, 2011, at 9:07 PM, "Oleg Gryb" <ole...@ya...> wrote:
>>
>> It helped, now I see other rules working.
>> My SecRuleEngine setting was commented out (). It means that default behavior
>> is "Off", right?
>>
>> Probably it's better to have it as DetectionOnly by default.
>>
>> Thanks for your help,
>> Oleg.
>>
>> From: Breno Silva <bre...@gm...>
>> To: mod...@li...
>> Cc: Ryan Barnett <RBa...@tr...>; Oleg Gryb <ol...@gr...>
>> Sent: Mon, April 11, 2011 5:57:52 PM
>> Subject: Re: [Mod-security-developers] CRS 2.1.2 only phase:5 is shown in the log
>>
>> Oleg,
>>
>> I think your SecRuleEngine is set as Off.
>>
>> Please set it to SecRuleEngine DetectionOnly or SecRuleEngine On
>>
>> Thanks
>>
>> Breno
>>
>> On Mon, Apr 11, 2011 at 7:20 PM, Ryan Barnett <RBa...@tr...> wrote:
>> Can you also send your other main config file?
>>
>> On Apr 11, 2011, at 6:55 PM, "Oleg Gryb" <ole...@ya...> wrote:
>>
>> > Ryan,
>> > Thank you for the quick response. Here is the information that you've requested:
>> >
>> > Apache/2.2.17 (Debian)
>> > modsecurity-apache_2.5.13
>> >
>> > The *.conf files are attached as well. I'll try CRS 2.1.3 and let you know if it
>> > works.
>> >
>> > Please let me know if you have a fix,
>> > Oleg.
>> >
>> > ----- Original Message ----
>> >> From: Ryan Barnett <RBa...@tr...>
>> >> To: "ol...@gr..." <ol...@gr...>; "mod-security-develop...@li..." <mod-security-develop...@li...>
>> >> Sent: Mon, April 11, 2011 3:28:38 PM
>> >> Subject: Re: [Mod-security-developers] CRS 2.1.2 only phase:5 is shown in the log
>> >>
>> >> Oleg,
>> >>
>> >> What Apache and ModSecurity versions are you using?
>> >>
>> >> Can you try and sync from SVN and try the 2.1.3 version of CRS?
>> >>
>> >> This does look odd as it is essentially skipping phases 1-4 and then
>> >> picking up rules in phase:5. Can you send your
>> >> modsecurity_crs_10_config.conf file?
>> >>
>> >> -Ryan
>> >>
>> >> On 4/11/11 5:59 PM, "Oleg Gryb" <ole...@ya...> wrote:
>> >>
>> >>> I'm trying to make dos_protection work in CRS 2.1.2 and it seems to me
>> >>> that something is grossly wrong with this version. It looks like the only
>> >>> rules that are executed are the ones in "phase:5", everything else is
>> >>> completely ignored.
>> >>>
>> >>> I have debug level set to 9 and the only rules that are shown in the log file
>> >>> are those that are in phase 5 (see below). Please let me know what is wrong.
>> >>>
>> >>> The collections and variables that are set in
>> >>> modsecurity_crs_10_config.conf are not defined (e.g. IP collection and
>> >>> dos_counter_threshold variable)
>> >>>
>> >>> This is from modsecurity_crs_10_config.conf:
>> >>> -------------------------------------------
>> >>> SecAction "phase:1,t:none,nolog,pass, \
>> >>> setvar:'tx.dos_burst_time_slice=60', \
>> >>> setvar:'tx.dos_counter_threshold=1', \
>> >>> setvar:'tx.dos_block_timeout=600'"
>> >>> ...
>> >>> SecAction "phase:1,t:none,pass,nolog,initcol:global=global,initcol:ip=%{remote_addr}_%{tx.ua_hash}"
>> >>> ...
>> >>>
>> >>> This is from log file:
>> >>> ---------------------
>> >>> [11/Apr/2011:12:15:40 --0700] [localhost/sid#b85b0b18][rid#b8c2bba8][/][4] Initialising transaction (txid TaNTXH8AAAEAAFC-AdsAAABJ).
>> >>> [11/Apr/2011:12:15:40 --0700] [localhost/sid#b85b0b18][rid#b8c2bba8][/][4] Transaction context created (dcfg b78714e0).
>> >>> [11/Apr/2011:12:15:40 --0700] [localhost/sid#b85b0b18][rid#b8c2bba8][/][4] Processing disabled, skipping (hook request_early).
>> >>> [11/Apr/2011:12:15:40 --0700] [localhost/sid#b85b0b18][rid#b8c2bba8][/][4] PdfProtect: Not enabled here.
>> >>> [11/Apr/2011:12:15:40 --0700] [localhost/sid#b85b0b18][rid#b8c2bba8][/][4] Processing disabled, skipping (hook request_late).
>> >>> [11/Apr/2011:12:15:40 --0700] [localhost/sid#b85b0b18][rid#b8c2bba8][/index.html][4] Hook insert_filter: Adding PDF XSS protection output filter (r b8c2bba8).
>> >>> [11/Apr/2011:12:15:40 --0700] [localhost/sid#b85b0b18][rid#b8c2bba8][/index.html][4] Hook insert_filter: Processing disabled, skipping.
>> >>> [11/Apr/2011:12:15:40 --0700] [localhost/sid#b85b0b18][rid#b8c2bba8][/index.html][4] Initialising logging.
>> >>> [11/Apr/2011:12:15:40 --0700] [localhost/sid#b85b0b18][rid#b8c2bba8][/index.html][4] Starting phase LOGGING.
>> >>> [11/Apr/2011:12:15:40 --0700] [localhost/sid#b85b0b18][rid#b8c2bba8][/index.html][9] This phase consists of 36 rule(s).
>> >>> [11/Apr/2011:12:15:40 --0700] [localhost/sid#b85b0b18][rid#b8c2bba8][/index.html][4] Recipe: Invoking rule b7ba1cb0; [file "/etc/apache2/modsecurity-crs/base_rules/modsecurity_crs_11_dos_protection.conf"] [line "24"].
>> >>> [11/Apr/2011:12:15:40 --0700] [localhost/sid#b85b0b18][rid#b8c2bba8][/index.html][5] Rule b7ba1cb0: SecRule "IP:DOS_BLOCK" "@eq 1" "phase:5,t:none,nolog,skipAfter:END_DOS_PROTECTION_CHECKS"
>> >>> [11/Apr/2011:12:15:40 --0700] [localhost/sid#b85b0b18][rid#b8c2bba8][/index.html][4] Rule returned 0.
>> >>> [11/Apr/2011:12:15:40 --0700] [localhost/sid#b85b0b18][rid#b8c2bba8][/index.html][9] No match, not chained -> mode NEXT_RULE.
>> >>> [11/Apr/2011:12:15:40 --0700] [localhost/sid#b85b0b18][rid#b8c2bba8][/index.html][4] Recipe: Invoking rule b7ba2438; [file "/etc/apache2/modsecurity-crs/base_rules/modsecurity_crs_11_dos_protection.conf"] [line "30"].
>> >>> [11/Apr/2011:12:15:40 --0700] [localhost/sid#b85b0b18][rid#b8c2bba8][/index.html][5] Rule b7ba2438: SecRule "REQUEST_BASENAME" "!@rx \\.(jpe?g|png|gif|js|css|ico)$" "phase:5,t:none,log,pass,setvar:ip.dos_counter=+1,logdata:'THRESHOLD= %{tx.dos_counter_threshold}; COUNTER=%{ip.dos_counter}'"
>> >>> [11/Apr/2011:12:15:40 --0700] [localhost/sid#b85b0b18][rid#b8c2bba8][/index.html][4] Transformation completed in 1 usec.
>> >>> [11/Apr/2011:12:15:40 --0700] [localhost/sid#b85b0b18][rid#b8c2bba8][/index.html][4] Executing operator "!rx" with param "\\.(jpe?g|png|gif|js|css|ico)$" against REQUEST_BASENAME.
>> >>> [11/Apr/2011:12:15:40 --0700] [localhost/sid#b85b0b18][rid#b8c2bba8][/index.html][9] Target value: ""
>> >>> [11/Apr/2011:12:15:40 --0700] [localhost/sid#b85b0b18][rid#b8c2bba8][/index.html][6] Ignoring regex captures since "capture" action is not enabled.
>> >>> [11/Apr/2011:12:15:40 --0700] [localhost/sid#b85b0b18][rid#b8c2bba8][/index.html][4] Operator completed in 17 usec.
>> >>> [11/Apr/2011:12:15:40 --0700] [localhost/sid#b85b0b18][rid#b8c2bba8][/index.html][9] Setting variable: ip.dos_counter=+1
>> >>> [11/Apr/2011:12:15:40 --0700] [localhost/sid#b85b0b18][rid#b8c2bba8][/index.html][3] Could not set variable "ip.dos_counter" as the collection does not exist.
>> >>> [11/Apr/2011:12:15:40 --0700] [localhost/sid#b85b0b18][rid#b8c2bba8][/index.html][2] Warning. Match of "rx \\.(jpe?g|png|gif|js|css|ico)$" against "REQUEST_BASENAME" required. [file "/etc/apache2/modsecurity-crs/base_rules/modsecurity_crs_11_dos_protection.conf"] [line "30"] [data "THRESHOLD= ; COUNTER="]
>> >>> [11/Apr/2011:12:15:40 --0700] [localhost/sid#b85b0b18][rid#b8c2bba8][/index.html][4] Rule returned 1.
>> >>> [11/Apr/2011:12:15:40 --0700] [localhost/sid#b85b0b18][rid#b8c2bba8][/index.html][9] Match -> mode NEXT_RULE.
>> >>> [11/Apr/2011:12:15:40 --0700] [localhost/sid#b85b0b18][rid#b8c2bba8][/index.html][4] Recipe: Invoking rule b7ba30f8; [file "/etc/apache2/modsecurity-crs/base_rules/modsecurity_crs_11_dos_protection.conf"] [line "37"].
>> >>> [11/Apr/2011:12:15:40 --0700] [localhost/sid#b85b0b18][rid#b8c2bba8][/index.html][5] Rule b7ba30f8: SecRule "IP:DOS_COUNTER" "@gt %{tx.dos_counter_threshold}" "phase:5,t:none,nolog,pass,t:none,setvar:ip.dos_burst_counter=+1,expirevar:ip.dos_burst_counter=%{tx.dos_burst_time_slice},setvar:!ip.dos_counter"
>> >>> ; [11/Apr/2011:12:15:40 --0700] [localhost/sid#b85b0b18][rid#b8c2bba8][/index.html][4] Rule returned 0.
>> >>> [11/Apr/2011:12:15:40 --0700] [localhost/sid#b85b0b18][rid#b8c2bba8][/index.html][9] No match, not chained -> mode NEXT_RULE.
>> >>> [11/Apr/2011:12:15:40 --0700] [localhost/sid#b85b0b18][rid#b8c2bba8][/index.html][4] Recipe: Invoking rule b7bca648; [file "/etc/apache2/modsecurity-crs/base_rules/modsecurity_crs_11_dos_protection.conf"] [line "44"].
>> >>> [11/Apr/2011:12:15:40 --0700] [localhost/sid#b85b0b18][rid#b8c2bba8][/index.html][5] Rule b7bca648: SecRule "IP:DOS_BURST_COUNTER" "@ge 1" "phase:5,t:none,log,pass,msg:'Potential Denial of Service (DoS) Attack from %{remote_addr} - # of Request Bursts: %{ip.dos_burst_counter}',setvar:ip.dos_block=1,expirevar:ip.dos_block=%{tx.dos_block_timeout}"
>> >>> [11/Apr/2011:12:15:40 --0700] [localhost/sid#b85b0b18][rid#b8c2bba8][/index.html][4] Rule returned 0.
>> >>> [11/Apr/2011:12:15:40 --0700] [localhost/sid#b85b0b18][rid#b8c2bba8][/index.html][9] No match, not chained -> mode NEXT_RULE.
>> >>> [11/Apr/2011:12:15:40 --0700] [localhost/sid#b85b0b18][rid#b8c2bba8][/index.html][4] Recipe: Invoking rule b85598c8; [file "/etc/apache2/modsecurity-crs/base_rules/modsecurity_crs_60_correlation.conf"] [line "21"].
>> >>> [11/Apr/2011:12:15:40 --0700] [localhost/sid#b85b0b18][rid#b8c2bba8][/index.html][5] Rule b85598c8: SecRule "&TX:'/LEAKAGE\\\\/ERRORS/'" "@ge 1" "phase:5,chain,t:none,log,skipAfter:END_CORRELATION,severity:0,msg:'Correlated Successful Attack Identified: (Total Score: %{tx.anomaly_score}, SQLi=%{TX.SQL_INJECTION_SCORE}, XSS=%{TX.XSS_SCORE}) Inbound Attack (%{tx.inbound_tx_msg} - Inbound Anomaly Score: %{TX.INBOUND_ANOMALY_SCORE}) + Outbound Data Leakage (%{tx.msg} - Outbound Anomaly Score: %{TX.OUTBOUND_ANOMALY_SCORE})'"
>> >>> [11/Apr/2011:12:15:40 --0700] [localhost/sid#b85b0b18][rid#b8c2bba8][/index.html][4] Transformation completed in 1 usec.
>> >>> [11/Apr/2011:12:15:40 --0700] [localhost/sid#b85b0b18][rid#b8c2bba8][/index.html][4] Executing operator "ge" with param "1" against &TX:/LEAKAGE\/ERRORS/.
>> >>> [11/Apr/2011:12:15:40 --0700] [localhost/sid#b85b0b18][rid#b8c2bba8][/index.html][9] Target value: "0"
>> >>> [11/Apr/2011:12:15:40 --0700] [localhost/sid#b85b0b18][rid#b8c2bba8][/index.html][4] Operator completed in 2 usec.
>> >>> [11/Apr/2011:12:15:40 --0700] [localhost/sid#b85b0b18][rid#b8c2bba8][/index.html][4] Rule returned 0.
>> >>> [11/Apr/2011:12:15:40 --0700] [localhost/sid#b85b0b18][rid#b8c2bba8][/index.html][9] No match, chained -> mode NEXT_CHAIN.
>> >>> [11/Apr/2011:12:15:40 --0700] [localhost/sid#b85b0b18][rid#b8c2bba8][/index.html][4] Recipe: Invoking rule b8578910; [file "/etc/apache2/modsecurity-crs/base_rules/modsecurity_crs_60_correlation.conf"] [line "28"].
>> >>> [11/Apr/2011:12:15:40 --0700] [localhost/sid#b85b0b18][rid#b8c2bba8][/index.html][5] Rule b8578910: SecRule "&TX:'/AVAILABILITY\\\\/APP_NOT_AVAIL/'" "@ge 1" "phase:5,chain,t:none,log,skipAfter:END_CORRELATION,severity:1,msg:'Correlated Attack Attempt Identified: (Total Score: %{tx.anomaly_score}, SQLi=%{TX.SQL_INJECTION_SCORE}, XSS=%{TX.XSS_SCORE}) Inbound Attack (%{tx.inbound_tx_msg} Inbound Anomaly Score: %{TX.INBOUND_ANOMALY_SCORE}) + Outbound Application Error (%{tx.msg} - Outbound Anomaly Score: %{TX.OUTBOUND_ANOMALY_SCORE})'"
>> >>> [11/Apr/2011:12:15:40 --0700] [localhost/sid#b85b0b18][rid#b8c2bba8][/index.html][4] Transformation completed in 1 usec.
>> >>> [11/Apr/2011:12:15:40 --0700] [localhost/sid#b85b0b18][rid#b8c2bba8][/index.html][4] Executing operator "ge" with param "1" against &TX:/AVAILABILITY\/APP_NOT_AVAIL/.
>> >>> [11/Apr/2011:12:15:40 --0700] [localhost/sid#b85b0b18][rid#b8c2bba8][/index.html][9] Target value: "0"
>> >>> [11/Apr/2011:12:15:40 --0700] [localhost/sid#b85b0b18][rid#b8c2bba8][/index.html][4] Operator completed in 1 usec.
>> >>> [11/Apr/2011:12:15:40 --0700] [localhost/sid#b85b0b18][rid#b8c2bba8][/index.html][4] Rule returned 0.
>> >>> [11/Apr/2011:12:15:40 --0700] [localhost/sid#b85b0b18][rid#b8c2bba8][/index.html][9] No match, chained -> mode NEXT_CHAIN.
>> >>> [11/Apr/2011:12:15:40 --0700] [localhost/sid#b85b0b18][rid#b8c2bba8][/index.html][4] Recipe: Invoking rule b8574618; [file "/etc/apache2/modsecurity-crs/base_rules/modsecurity_crs_60_correlation.conf"] [line "32"].
>> >>> [11/Apr/2011:12:15:40 --0700] [localhost/sid#b85b0b18][rid#b8c2bba8][/index.html][5] Rule b8574618: SecRule "TX:INBOUND_ANOMALY_SCORE" "@gt 0" "phase:5,chain,t:none,log,noauditlog,skipAfter:END_CORRELATION,msg:'Inbound Anomaly Score (Total Inbound Score: %{TX.INBOUND_ANOMALY_SCORE}, SQLi=%{TX.SQL_INJECTION_SCORE}, XSS=%{TX.XSS_SCORE}): %{tx.inbound_tx_msg}'"
>> >>> [11/Apr/2011:12:15:40 --0700] [localhost/sid#b85b0b18][rid#b8c2bba8][/index.html][4] Rule returned 0.
>> >>> [11/Apr/2011:12:15:40 --0700] [localhost/sid#b85b0b18][rid#b8c2bba8][/index.html][9] No match, chained -> mode NEXT_CHAIN.
>> >>> [11/Apr/2011:12:15:40 --0700] [localhost/sid#b85b0b18][rid#b8c2bba8][/index.html][4] Recipe: Invoking rule b8598b18; [file "/etc/apache2/modsecurity-crs/base_rules/modsecurity_crs_60_correlation.conf"] [line "36"].
>> >>> [11/Apr/2011:12:15:40 --0700] [localhost/sid#b85b0b18][rid#b8c2bba8][/index.html][5] Rule b8598b18: SecRule "TX:INBOUND_ANOMALY_SCORE" "@ge %{tx.inbound_anomaly_score_level}" "phase:5,t:none,log,noauditlog,pass,msg:'Inbound Anomaly Score Exceeded (Total Inbound Score: %{TX.INBOUND_ANOMALY_SCORE}, SQLi=%{TX.SQL_INJECTION_SCORE}, XSS=%{TX.XSS_SCORE}): %{tx.inbound_tx_msg}'"
>> >>> [11/Apr/2011:12:15:40 --0700] [localhost/sid#b85b0b18][rid#b8c2bba8][/index.html][4] Rule returned 0.
>> >>> [11/Apr/2011:12:15:40 --0700] [localhost/sid#b85b0b18][rid#b8c2bba8][/index.html][9] No match, not chained -> mode NEXT_RULE.
>> >>> [11/Apr/2011:12:15:40 --0700] [localhost/sid#b85b0b18][rid#b8c2bba8][/index.html][4] Recipe: Invoking rule b8585558; [file "/etc/apache2/modsecurity-crs/base_rules/modsecurity_crs_60_correlation.conf"] [line "39"].
>> >>> [11/Apr/2011:12:15:40 --0700] [localhost/sid#b85b0b18][rid#b8c2bba8][/index.html][5] Rule b8585558: SecRule "TX:OUTBOUND_ANOMALY_SCORE" "@ge %{tx.outbound_anomaly_score_level}" "phase:5,t:none,log,noauditlog,pass,msg:'Outbound Anomaly Score Exceeded (score %{TX.OUTBOUND_ANOMALY_SCORE}): %{tx.msg}'"
>> >>> [11/Apr/2011:12:15:40 --0700] [localhost/sid#b85b0b18][rid#b8c2bba8][/index.html][4] Rule returned 0.
>> >>> [11/Apr/2011:12:15:40 --0700] [localhost/sid#b85b0b18][rid#b8c2bba8][/index.html][9] No match, not chained -> mode NEXT_RULE.
>> >>> [11/Apr/2011:12:15:40 --0700] [localhost/sid#b85b0b18][rid#b8c2bba8][/index.html][4] Audit log: Not configured to run for this request.
>> >>>
>> >>> ------------------------------------------------------------------------------
>> >>> Forrester Wave Report - Recovery time is now measured in hours and minutes
>> >>> not days. Key insights are discussed in the 2010 Forrester Wave Report as
>> >>> part of an in-depth evaluation of disaster recovery service providers.
>> >>> Forrester found the best-in-class provider in terms of services and vision.
>> >>> Read this report now! http://p.sf.net/sfu/ibm-webcastpromo
>> >>> _______________________________________________
>> >>> mod-security-developers mailing list
>> >>> mod...@li...
>> >>> https://lists.sourceforge.net/lists/listinfo/mod-security-developers
>> >>> ModSecurity Services from Trustwave's SpiderLabs:
>> >>> https://www.trustwave.com/spiderLabs.php
>> >>
>> >> This transmission may contain information that is privileged, confidential,
>> >> and/or exempt from disclosure under applicable law. If you are not the intended
>> >> recipient, you are hereby notified that any disclosure, copying, distribution,
>> >> or use of the information contained herein (including any reliance thereon) is
>> >> STRICTLY PROHIBITED. If you received this transmission in error, please
>> >> immediately contact the sender and destroy the material in its entirety, whether
>> >> in electronic or hard copy format.
>> > <modsecurity_crs_10_config.conf>
>> > <modsecurity_crs_11_dos_protection.conf>
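The symptom discussed in this thread (request hooks logged as "Processing disabled, skipping" while phase LOGGING still runs, followed by "collection does not exist") can be spotted mechanically in a debug log. The following Python triage is an added example, not code from the thread's participants or from the ModSecurity project; the function names are hypothetical, the lines for rid b8c2bba8 are taken from the log quoted above, and the second transaction is constructed for contrast.

```python
import re
from collections import defaultdict

# Layout of a debug-log line as quoted in the thread:
# [timestamp] [host/sid#..][rid#..][uri][level] message
LINE_RE = re.compile(
    r"^\[[^\]]+\] \[[^/\]]+/sid#\w+\]\[rid#(?P<rid>\w+)\]"
    r"\[(?P<uri>[^\]]*)\]\[(?P<level>\d)\] (?P<msg>.*)$"
)
SKIPPED_RE = re.compile(r"Processing disabled, skipping \(hook (\w+)\)")
PHASE_RE = re.compile(r"Starting phase (\w+)\.")
NO_COLL_RE = re.compile(
    r'Could not set variable "([^"]+)" as the collection does not exist'
)


def triage(lines):
    """Group debug-log lines by transaction (rid) and collect the signals."""
    txs = defaultdict(
        lambda: {"skipped_hooks": [], "phases": [], "missing_collections": []}
    )
    for raw in lines:
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # wrapped continuation or unrelated line
        tx, msg = txs[m["rid"]], m["msg"]
        if (hit := SKIPPED_RE.search(msg)):
            tx["skipped_hooks"].append(hit.group(1))
        elif (hit := PHASE_RE.search(msg)):
            tx["phases"].append(hit.group(1))
        elif (hit := NO_COLL_RE.search(msg)):
            # "ip.dos_counter" -> collection name "ip"
            tx["missing_collections"].append(hit.group(1).split(".")[0])
    return dict(txs)


def diagnose(tx):
    """Turn one transaction's signals into findings (empty list = healthy)."""
    findings = []
    earlier_phases = [p for p in tx["phases"] if p != "LOGGING"]
    if tx["skipped_hooks"] and not earlier_phases:
        findings.append(
            "engine-disabled: hooks %s skipped and no phase before LOGGING ran; "
            "check SecRuleEngine in the local main config"
            % ", ".join(tx["skipped_hooks"])
        )
    for coll in sorted(set(tx["missing_collections"])):
        findings.append(
            "uninitialised-collection: %s (its phase:1 initcol never ran)" % coll
        )
    return findings


def _line(rid, uri, level, msg):
    # Rebuilds one line in the layout shown in the thread.
    return ("[11/Apr/2011:12:15:40 --0700] [localhost/sid#b85b0b18]"
            f"[rid#{rid}][{uri}][{level}] {msg}")


SAMPLE = [
    # Taken from the log quoted in the thread (wrapped lines rejoined).
    _line("b8c2bba8", "/", 4, "Processing disabled, skipping (hook request_early)."),
    _line("b8c2bba8", "/", 4, "Processing disabled, skipping (hook request_late)."),
    _line("b8c2bba8", "/index.html", 4, "Starting phase LOGGING."),
    _line("b8c2bba8", "/index.html", 9, "Setting variable: ip.dos_counter=+1"),
    _line("b8c2bba8", "/index.html", 3,
          'Could not set variable "ip.dos_counter" as the collection does not exist.'),
    # Constructed contrast case: a transaction whose request phase did run.
    _line("c0ffee01", "/index.html", 4, "Starting phase REQUEST_HEADERS."),
    _line("c0ffee01", "/index.html", 4, "Starting phase LOGGING."),
]

if __name__ == "__main__":
    for rid, tx in triage(SAMPLE).items():
        print(rid, diagnose(tx) or ["ok"])
```
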