|
From: Felipe C. <FC...@tr...> - 2016-06-20 12:59:41
|
Hi, The rules ID reservation is not something that is enforced by ModSecurity, in this Wikipage we keep a catalog of who is using each range, the intention is to be informative only. If you want to create custom rules, and deploy altogether with any of the ruleset listed on the Wikipage, it will be easy to choose a different range for the IDs, to avoid conflict. As we don’t have any enforcement on ModSecurity, I don’t see a reason to have a process to accept or not a this range “reservation”. For the matter of fact, we can also have overlap in the so called reservation. I don’t see a reason why ModSecurity should enforce/limit or dictate the rule ID that a user should use or not. Do you think otherwise? Maybe the documentation needs to be clarified a little bit. The word “reservation” may not the best one. Br., Felipe “Zimmerle” Costa Security Researcher, Lead Developer ModSecurity. Trustwave | SMART SECURITY ON DEMAND www.trustwave.com <http://www.trustwave.com/> On 6/19/16, 3:47 PM, "Christian Folini" <chr...@ne...<mailto:chr...@ne...>> wrote: Hello Walter, On Sun, Jun 19, 2016 at 05:41:47PM +0200, Walter Hop wrote: > With 200K range assigned to Comodo, the case is even weirder. The ModSec > project itself is definitely distributing rules in this range in: > http://scanmail.trustwave.com/?c=4062&d=zujm12PqzlI-rMIdy_JmyIOdtuJ8qcqIuT3qMGGPAA&s=5&u=https%3a%2f%2fgithub%2ecom%2fSpiderLabs%2fModSecurity%2fblob%2fmaster%2fmodsecurity%2econf-recommended <http://scanmail.trustwave.com/?c=4062&d=zujm12PqzlI-rMIdy_JmyIOdtuJ8qcqIuT3qMGGPAA&s=5&u=https%3a%2f%2fgithub%2ecom%2fSpiderLabs%2fModSecurity%2fblob%2fmaster%2fmodsecurity%2econf-recommended> Current version of Comodo’s rules starts at id 210000 right now. So this would be a typo then. Would make sense. Thank you for the info. Have not had the Comodo rules in my hand... (But I can confirm Atomicorp is sticking to their range with one exception. Sent them a message.) Ahoj, Christian I don’t have any contacts with their developers, but if they would agree to keep working at 210000 and higher, we could legalize the de facto use of 200xxx by modsecurity.conf (which will be widespread for lots of years anyway): 200000-200999: ModSecurity 210000-299999: Comodo -- Walter Hop | PGP key: http://scanmail.trustwave.com/?c=4062&d=zujm12PqzlI-rMIdy_JmyIOdtuJ8qcqIuW_gMm7dVw&s=5&u=https%3a%2f%2flifeforms%2enl%2fpgp ------------------------------------------------------------------------------ What NetFlow Analyzer can do for you? Monitors network bandwidth and traffic patterns at an interface-level. Reveals which users, apps, and protocols are consuming the most bandwidth. Provides multi-vendor support for NetFlow, J-Flow, sFlow and other flows. Make informed decisions using capacity planning reports. http://scanmail.trustwave.com/?c=4062&d=zujm12PqzlI-rMIdy_JmyIOdtuJ8qcqIuTyxNjuNBQ&s=5&u=http%3a%2f%2fsdm%2elink%2fzohomanageengine _______________________________________________ mod-security-developers mailing list mod...@li...<mailto:mod...@li...> http://scanmail.trustwave.com/?c=4062&d=zujm12PqzlI-rMIdy_JmyIOdtuJ8qcqIuWngOm3ZBA&s=5&u=https%3a%2f%2flists%2esourceforge%2enet%2flists%2flistinfo%2fmod-security-developers ModSecurity Services from Trustwave's SpiderLabs: https://www.trustwave.com/spiderLabs.php -- mailto:chr...@ne... http://scanmail.trustwave.com/?c=4062&d=zujm12PqzlI-rMIdy_JmyIOdtuJ8qcqIuWi2Z27XVQ&s=5&u=http%3a%2f%2fwww%2echristian-folini%2ech twitter: @ChrFolini ------------------------------------------------------------------------------ What NetFlow Analyzer can do for you? Monitors network bandwidth and traffic patterns at an interface-level. Reveals which users, apps, and protocols are consuming the most bandwidth. Provides multi-vendor support for NetFlow, J-Flow, sFlow and other flows. Make informed decisions using capacity planning reports. http://scanmail.trustwave.com/?c=4062&d=zujm12PqzlI-rMIdy_JmyIOdtuJ8qcqIuTyxNjuNBQ&s=5&u=http%3a%2f%2fsdm%2elink%2fzohomanageengine _______________________________________________ mod-security-developers mailing list mod...@li...<mailto:mod...@li...> http://scanmail.trustwave.com/?c=4062&d=zujm12PqzlI-rMIdy_JmyIOdtuJ8qcqIuWngOm3ZBA&s=5&u=https%3a%2f%2flists%2esourceforge%2enet%2flists%2flistinfo%2fmod-security-developers ModSecurity Services from Trustwave's SpiderLabs: https://www.trustwave.com/spiderLabs.php ________________________________ This transmission may contain information that is privileged, confidential, and/or exempt from disclosure under applicable law. If you are not the intended recipient, you are hereby notified that any disclosure, copying, distribution, or use of the information contained herein (including any reliance thereon) is strictly prohibited. If you received this transmission in error, please immediately contact the sender and destroy the material in its entirety, whether in electronic or hard copy format. |
