Re: [mod-security-users] (no subject)
Brought to you by:
victorhora,
zimmerletw
Menu
▾
▴
Re: [mod-security-users] (no subject)
|
From: Ryan B. <RBa...@tr...> - 2012-08-31 01:05:13
|
See the following: http://blog.spiderlabs.com/2011/09/modsecurity-advanced-topic-of-the-week-remote-file-inclusion-attack-detection.html -- Ryan Barnett Researcher Lead Trustwave - SpiderLabs On Aug 30, 2012, at 8:05 PM, "Alfredo Del Fabro Neto" <alf...@re...<mailto:alf...@re...>> wrote: Hi, I would like help of you. I am having a problem with a RFI attack. If I have a link like this "http://192.168.1.102/file.php?arg=http://192.168.1.101/index.html" in a request, the ModSecurity detects the attack. But, if I have a link like this "http://192.168.1.102/file.php?arg=http://www.valid-domain.com/index.html" in a request, the ModSecurity don't detects the attack. Does anyone know what might be happening? Best Regards. ------------------------------------------------------------------------------ Live Security Virtual Conference Exclusive live event will cover all the ways today's security and threat landscape has changed and how IT managers can respond. Discussions will include endpoint security, mobile security and the latest in malware threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/ _______________________________________________ mod-security-users mailing list mod...@li...<mailto:mod...@li...> https://lists.sourceforge.net/lists/listinfo/mod-security-users Commercial ModSecurity Rules and Support from Trustwave's SpiderLabs: http://www.modsecurity.org/projects/commercial/rules/ http://www.modsecurity.org/projects/commercial/support/ ________________________________ This transmission may contain information that is privileged, confidential, and/or exempt from disclosure under applicable law. If you are not the intended recipient, you are hereby notified that any disclosure, copying, distribution, or use of the information contained herein (including any reliance thereon) is STRICTLY PROHIBITED. If you received this transmission in error, please immediately contact the sender and destroy the material in its entirety, whether in electronic or hard copy format. |
