Re: [Mod-security-developers] Presentation and Mod Security for Java Advance
Brought to you by:
victorhora,
zimmerletw
Menu
▾
▴
Re: [Mod-security-developers] Presentation and Mod Security for Java Advance
|
From: Breno S. <bre...@gm...> - 2011-10-10 13:27:46
|
Good Job Juan! On Sun, Oct 9, 2011 at 11:46 PM, Juan calderon <jua...@ow...>wrote: > Hello All > > Just keeping you updated, I didn't make it to release WAF this week as > planned, yet this is how I am doing so far. > > > The Following variables are now available: > ARGS, ARGS_NAMES, QUERY_STRING, REMOTE_ADDR, REQUEST_BASENAME, > REQUEST_COOKIES, REQUEST_COOKIES_NAMES, REQUEST_FILENAME, > REQUEST_HEADERS_NAMES, REQUEST_HEADERS, REQUEST_METHOD, REQUEST_PROTOCOL, > REQUEST_URI, REQUEST_URI_RAW, RESPONSE_CONTENT_TYPE. > > Operators > > - rx > - eq > - ge > - gt > - le > - lt > > Actions > > - msg > - id > - rev > - severity > - log > - block > - status > - phase > - t > > Transformation Functions > > - lowercase > - urlDecode > - compressWhitespace > - removeWhitespace > - replaceNulls > - removeNulls > > Phases > phase:1 - Request headers stage > phase:2 - Request body stage > phase:4 - Response body stage > > Phase 3 is not available in Java, thus, Java 4 will be used as a fall back > to phase 3 actions. > > Also support for individual Mode Security rules and external rule files is > implemented so you can embed Mod_Security rules in current XML configuration > file or "include" a whole rules file ot the WAF rule-set. > > Missing parts are: > 1. Response variables are still not available > 2. Some actions are missing like "skip" and "chain" > 3. Mod_Security format logging is still not implemented. > > So as you can see we are almost there, yet, some work is still missing. Now > since I am in charge of OWASP Day Mexico 2011, I do not expect to have any > advance for the next 30 days until the event finishes on Nov 11. so my new > target date is Dec 25 I think it will be a good christmas gift. > > Regards, > Juan Carlos > > > On Thu, Apr 21, 2011 at 10:24 PM, Juan calderon <jua...@ow...>wrote: > >> Hello Guys >> >> My name is Juan Carlos Calderon I live in Mexico and I am creating the >> ModSecurity Java Port by including Level 1 Port Specification functionality >> to OWASP Java WAF. I want to give you a small update on my advance. >> >> The Following variables are now available: >> ARGS, ARGS_NAMES, QUERY_STRING, REMOTE_ADDR, REQUEST_BASENAME, >> REQUEST_COOKIES, REQUEST_COOKIES_NAMES, REQUEST_FILENAME, >> REQUEST_HEADERS_NAMES, REQUEST_HEADERS, REQUEST_METHOD, REQUEST_PROTOCOL, >> REQUEST_URI, REQUEST_URI_RAW, RESPONSE_CONTENT_TYPE. >> >> Phases >> phase:1 - Request headers stage >> phase:2 - Request body stage >> phase:4 - Response body stage >> >> Phase 3 is not available in Java, thus, Java 4 will be used as a fall back >> to phase 3 actions. >> >> Little by little the port is taking shape. >> >> Regards, >> Juan Carlos Calderon >> > > > > ------------------------------------------------------------------------------ > All the data continuously generated in your IT infrastructure contains a > definitive record of customers, application performance, security > threats, fraudulent activity and more. Splunk takes this data and makes > sense of it. Business sense. IT sense. Common sense. > http://p.sf.net/sfu/splunk-d2dcopy1 > _______________________________________________ > mod-security-developers mailing list > mod...@li... > https://lists.sourceforge.net/lists/listinfo/mod-security-developers > ModSecurity Services from Trustwave's SpiderLabs: > https://www.trustwave.com/spiderLabs.php > |
