Re: [Mod-security-developers] ModSecurity for Java
From: Ryan B. <RBa...@tr...> - 2011-06-16 23:56:07
Juan Carlos would be the best one to answer those questions as he is the OWASP Java WAF project lead. What Juan and I discussed is that he is updating the Java WAF code to accept ModSecurity SecRules.

In order to help porting efforts to other platforms, the ModSecurity team has developed a porting specification with 2 levels -
http://sourceforge.net/apps/mediawiki/mod-security/index.php?title=Rules_Language_Porting_Spec

We realize that it may not be feasible for all functionality to be ported so we focused Level 1 on Core Features. This should allow users to add in basic ModSecurity SecRules.

If you have any input on the porting specs please let us know.

-Ryan

On 6/16/11 7:49 PM, "Oleg Gryb" <ole...@ya...> wrote:

>Can anyone please provide more data on this Java project? In particular, I need to know:
>
>1. Is it stable enough to be used in production?
>2. If it's not, do you have any timelines for the first version that can be used in prod?
>
>In general, I think it would be very useful for expanding the applicability of mod-security.
>
>Thanks,
>Oleg.
>
>----- Original Message ----
>> From: Juan Carlos Calderon Rojas <jua...@so...>
>> To: "mod...@li..." <mod...@li...>
>> Sent: Fri, June 3, 2011 6:18:56 AM
>> Subject: Re: [Mod-security-developers] ModSecurity for Java
>>
>> Yes I have, although as the implementations are different I guess there is a bug or something on the original code of OWASP Java WAF.
>>
>> I will leave that part to later on and make some more progress on the evaluation of the rules, keep you posted
>>
>> Thanks,
>> Juan Carlos
>>
>> ________________________________________
>> From: Ryan Barnett [RBa...@tr...]
>> Sent: Thursday, June 02, 2011 07:28 a.m.
>> To: mod...@li...
>> Subject: Re: [Mod-security-developers] ModSecurity for Java
>>
>> Hey Juan Carlos,
>> Thanks for the update! Have you looked at the "MsHttpServletResponse.java" code from the old ModSecurity for Java project?
>> http://www.modsecurity.org/download/msj-m3c.war
>>
>> Maybe that would help.
>>
>> -Ryan
>>
>> From: Juan calderon <jua...@ow...<mailto:jua...@ow...>>
>> Reply-To: "mod...@li...<mailto:mod-security-develope...@li...>" <mod...@li...<mailto:mod-security-develope...@li...>>
>> Date: Thu, 2 Jun 2011 00:51:39 -0500
>> To: "mod...@li...<mailto:mod-security-develope...@li...>" <mod...@li...<mailto:mod-security-develope...@li...>>
>> Subject: [Mod-security-developers] ModSecurity for Java
>>
>> Hello Guys
>>
>> Just a little update, Rule parser for this project is already working and supporting the 4 directives (SecRuleEngine, SecRule, SecRequestBodyAccess, SecResponseBodyAccess) of Rule Language Porting Spec Level 1 :)
>>
>> I am struggling to get the Response variables working, I always get an empty string for the response body buffer :(, can anyone give me some support on this one, I might not be using the ResponseWrapper correctly.
>>
>> Regards,
>> Juan Carlos Calderon
>>
>> ________________________________
>> This transmission may contain information that is privileged, confidential, and/or exempt from disclosure under applicable law. If you are not the intended recipient, you are hereby notified that any disclosure, copying, distribution, or use of the information contained herein (including any reliance thereon) is STRICTLY PROHIBITED. If you received this transmission in error, please immediately contact the sender and destroy the material in its entirety, whether in electronic or hard copy format.
>>
>> _______________________________________________
>> mod-security-developers mailing list
>> mod...@li...
>> https://lists.sourceforge.net/lists/listinfo/mod-security-developers
>> ModSecurity Services from Trustwave's SpiderLabs:
>> https://www.trustwave.com/spiderLabs.php