Re: [Mod-security-developers] ModSecurity for Java
Brought to you by:
victorhora,
zimmerletw
Menu
▾
▴
Re: [Mod-security-developers] ModSecurity for Java
|
From: Oleg G. <ole...@ya...> - 2011-06-17 01:01:17
|
Juan, Ryan, Thank you for the answers. I'll try to take a closer look if time permits and let you know my thoughts. If you have any suggestion is regards of the best candidate for experiments, please let me know what it is. Oleg. > >From: Juan calderon <jua...@ow...> >To: Oleg Gryb <ol...@gr...>; mod...@li... >Sent: Thu, June 16, 2011 5:49:48 PM >Subject: Re: [Mod-security-developers] ModSecurity for Java > >Hello Oleg > >The development is in progress and it will take 2 or 3 months more. If you need >the firewall you can use the version 1 from ESAPI 2.0GA. Notice ModSecurity >rules are not supported in that version. But, it is very easy to create rules >for it. let me know if you need any help with that. > >Regards, >Juan Carlos Calderon > > >On Thu, Jun 16, 2011 at 6:49 PM, Oleg Gryb <ole...@ya...> wrote: > >Can anyone please provide more data on this Java project? In particularly I need >>to know: >> >>1. Is it stable enough to be used in production? >>2. If it's not, do you have any timelines for the first version that can be >used >>in prod? >> >>In general, I think it would be very useful for expanding the applicability of >>mod-security. >> >>Thanks, >>Oleg. >> >> >> >> >>----- Original Message ---- >>> From: Juan Carlos Calderon Rojas <jua...@so...> >>> To: "mod...@li..." >> >>><mod...@li...> >>> Sent: Fri, June 3, 2011 6:18:56 AM >>> Subject: Re: [Mod-security-developers] ModSecurity for Java >> >>> >>> Yes I have, although as the implementations are different I guess there is a >>>bug or something on the original code of OWASP Java WAF. >>> >>> I will leave that part to later on and make some more progress on the >>>evaluation of the rules, keep you posted >>> >>> Thanks, >>> Juan Carlos >>> >>> ________________________________________ >>> De: Ryan Barnett [RBa...@tr...] >>> Enviado el: jueves, 02 de junio de 2011 07:28 a.m. >>> Para: mod...@li... >>> Asunto: Re: [Mod-security-developers] ModSecurity for Java >>> >>> Hey Juan Carlos, >>> Thanks for the update! Have you looked at the "MsHttpServletResponse.java" >>>code from the old ModSecurity for Java project? >>> http://www.modsecurity.org/download/msj-m3c.war >>> >>> Maybe that would help. >>> >>> -Ryan >>> >>> From: Juan calderon <jua...@ow...<mailto:jua...@ow...>> >>> Reply-To: >>>"mod...@li...<mailto:mod...@li...>" >>> >>> >>><mod...@li...<mailto:mod...@li...>> >>> >>> >>> Date: Thu, 2 Jun 2011 00:51:39 -0500 >>> To: >>>"mod...@li...<mailto:mod...@li...>" >>> >>> >>><mod...@li...<mailto:mod...@li...>> >>> >>> >>> Subject: [Mod-security-developers] ModSecurity for Java >>> >>> Hello Guys >>> >>> Just a little update, Rule parser for this project is already working and >>>supporting the 4 directives (SecRuleEngine, SecRule, SecRequestBodyAccess, >>>SecResponseBodyAccess ) of Rule Language Porting Spec Level 1 :) >>> >>> I am struggling to get the Response variables working, I always get an empty >>>string for the response body buffer :(, can anyone give me some support on >>>this one, I might not be using the ReponseWrapper correctly. >>> >>> Regards, >>> Juan Carlos Calderon >>> >>> ________________________________ >>> This transmission may contain information that is privileged, confidential, >>>and/or exempt from disclosure under applicable law. If you are not the >>intended >>>recipient, you are hereby notified that any disclosure, copying, >distribution, >>>or use of the information contained herein (including any reliance thereon) >is >>>STRICTLY PROHIBITED. If you received this transmission in error, please >>>immediately contact the sender and destroy the material in its entirety, >>>whether in electronic or hard copy format. >>> >>> >>> >------------------------------------------------------------------------------ >>> Simplify data backup and recovery for your virtual environment with > vRanger. >>> Installation's a snap, and flexible recovery options mean your data is safe, >>> secure and there when you need it. Data protection magic? >>> Nope - It's vRanger. Get your free trial download today. >>> http://p.sf.net/sfu/quest-sfdev2dev >>> _______________________________________________ >>> mod-security-developers mailing list >>> mod...@li... >>> https://lists.sourceforge.net/lists/listinfo/mod-security-developers >>> ModSecurity Services from Trustwave's SpiderLabs: >>> https://www.trustwave.com/spiderLabs.php >>> >------------------------------------------------------------------------------ >>> Simplify data backup and recovery for your virtual environment with > vRanger. >>> Installation's a snap, and flexible recovery options mean your data is safe, >>> secure and there when you need it. Discover what all the cheering's about. >>> Get your free trial download today. >>> http://p.sf.net/sfu/quest-dev2dev2 >>> _______________________________________________ >>> mod-security-developers mailing list >>> mod...@li... >>> https://lists.sourceforge.net/lists/listinfo/mod-security-developers >>> ModSecurity Services from Trustwave's SpiderLabs: >>> https://www.trustwave.com/spiderLabs.php >>> >> >>------------------------------------------------------------------------------ >>EditLive Enterprise is the world's most technically advanced content >>authoring tool. Experience the power of Track Changes, Inline Image >>Editing and ensure content is compliant with Accessibility Checking. >>http://p.sf.net/sfu/ephox-dev2dev >> >>_______________________________________________ >>mod-security-developers mailing list >>mod...@li... >>https://lists.sourceforge.net/lists/listinfo/mod-security-developers >>ModSecurity Services from Trustwave's SpiderLabs: >>https://www.trustwave.com/spiderLabs.php >> > |
