Re: [Mod-security-developers] Presentation and Mod Security for Java Advance
Brought to you by:
victorhora,
zimmerletw
Menu
▾
▴
Re: [Mod-security-developers] Presentation and Mod Security for Java Advance
|
From: Ryan B. <RBa...@tr...> - 2011-04-22 11:38:51
|
Awesome work Juan Carlos! I am cross-posting this to the mod-security-users list as well since there was a recent thread on ModSecurity and Tomcat (http://comments.gmane.org/gmane.comp.apache.mod-security.user/8163). Currently, you would have to front-end Tomcat with and Apache2 reverse proxy in order to have ModSecurity protect it. With Juan Carlos' porting of the OWASP Java WAF servlet filter, however, you will soon be able to use the core of the ModSecurity rules language directly in a Java server! Keep up the great work Juan Carlos!!! And for anyone else who is interested in helping with Ports of ModSecurity for other platforms, we have info here - http://www.modsecurity.org/projects/. Please let us know if you would like to port ModSecurity to another platform. -- Ryan Barnett Senior Security Researcher Trustwave – SpiderLabs From: Juan calderon <jua...@ow...<mailto:jua...@ow...>> Reply-To: "mod...@li...<mailto:mod...@li...>" <mod...@li...<mailto:mod...@li...>> Date: Thu, 21 Apr 2011 22:24:54 -0500 To: "mod...@li...<mailto:mod...@li...>" <mod...@li...<mailto:mod...@li...>> Subject: [Mod-security-developers] Presentation and Mod Security for Java Advance Hello Guys My name is Juan Carlos Calderon I live in Mexico and I am creating the ModSecurity Java Port by including Level 1 Port Specification functionality to OWASP Java WAF. I want to give you a small update on my advance. The Following variables are now available: ARGS, ARGS_NAMES, QUERY_STRING, REMOTE_ADDR, REQUEST_BASENAME, REQUEST_COOKIES, REQUEST_COOKIES_NAMES, REQUEST_FILENAME, REQUEST_HEADERS_NAMES, REQUEST_HEADERS, REQUEST_METHOD, REQUEST_PROTOCOL, REQUEST_URI, REQUEST_URI_RAW, RESPONSE_CONTENT_TYPE. Phases phase:1 - Request headers stage phase:2 - Request body stage phase:4 - Response body stage Phase 3 is not available in Java, thus, Java 4 will be used as a fall back to phase 3 actions. Little by little the port is taking shape. Regards, Juan Carlos Calderon ________________________________ This transmission may contain information that is privileged, confidential, and/or exempt from disclosure under applicable law. If you are not the intended recipient, you are hereby notified that any disclosure, copying, distribution, or use of the information contained herein (including any reliance thereon) is STRICTLY PROHIBITED. If you received this transmission in error, please immediately contact the sender and destroy the material in its entirety, whether in electronic or hard copy format. |
