|
From: Christian F. <chr...@ne...> - 2016-06-20 19:22:31
|
Hello Felipe, Thank you for your clarification. On Mon, Jun 20, 2016 at 12:44:27PM +0000, Felipe Costa wrote: > I don’t see a reason why ModSecurity should enforce/limit or dictate the rule ID that a > user should use or not. Do you think otherwise? No, there is no point in enforcing. But I think the documentation could be a bit clearer. And there should not be any obvious errors in the published ranges. As the ModSecurity project is distributing rules 200,000 - 200,005, the documentation should not assign this range to Comodo. Why don't we write the following: ----------------------------------------------------------------------- The following is a list of ranges known to be used to by providers of rules. 1 - 99,999 ... ... used by ... ... assigned to ... ModSecurity does not enforce these ranges and the reservation is only informal. However, if you plan to distribute rules, it makes sense to take assigned rule ranges into consideration or your users will run into conflicts, if they combined multiple rulesets. If you would like to appear in this list with your project or your product, then please get in touch with ... ----------------------------------------------------------------------- And a final note: There is now a single 100K range below 1M available. Personally, I would not add projects to this list who want such a large range for themselves. Best, Christian > > Maybe the documentation needs to be clarified a little bit. The word “reservation” may > not the best one. > > Br., > Felipe “Zimmerle” Costa > Security Researcher, Lead Developer ModSecurity. > Trustwave | SMART SECURITY ON DEMAND > www.trustwave.com <http://www.trustwave.com/> > > > > > > On 6/19/16, 3:47 PM, "Christian Folini" <chr...@ne...<mailto:chr...@ne...>> wrote: > > Hello Walter, > > On Sun, Jun 19, 2016 at 05:41:47PM +0200, Walter Hop wrote: > > With 200K range assigned to Comodo, the case is even weirder. The ModSec > > project itself is definitely distributing rules in this range in: > > http://scanmail.trustwave.com/?c=4062&d=zujm12PqzlI-rMIdy_JmyIOdtuJ8qcqIuT3qMGGPAA&s=5&u=https%3a%2f%2fgithub%2ecom%2fSpiderLabs%2fModSecurity%2fblob%2fmaster%2fmodsecurity%2econf-recommended <http://scanmail.trustwave.com/?c=4062&d=zujm12PqzlI-rMIdy_JmyIOdtuJ8qcqIuT3qMGGPAA&s=5&u=https%3a%2f%2fgithub%2ecom%2fSpiderLabs%2fModSecurity%2fblob%2fmaster%2fmodsecurity%2econf-recommended> > Current version of Comodo’s rules starts at id 210000 right now. > > So this would be a typo then. Would make sense. Thank you for the > info. Have not had the Comodo rules in my hand... > > (But I can confirm Atomicorp is sticking to their range with one > exception. Sent them a message.) > > Ahoj, > > Christian > > > I don’t have any contacts with their developers, but if they would agree to keep working at 210000 and higher, we could legalize the de facto use of 200xxx by modsecurity.conf (which will be widespread for lots of years anyway): > 200000-200999: ModSecurity > 210000-299999: Comodo > -- > Walter Hop | PGP key: http://scanmail.trustwave.com/?c=4062&d=zujm12PqzlI-rMIdy_JmyIOdtuJ8qcqIuW_gMm7dVw&s=5&u=https%3a%2f%2flifeforms%2enl%2fpgp > > ------------------------------------------------------------------------------ > What NetFlow Analyzer can do for you? Monitors network bandwidth and traffic > patterns at an interface-level. Reveals which users, apps, and protocols are > consuming the most bandwidth. Provides multi-vendor support for NetFlow, > J-Flow, sFlow and other flows. Make informed decisions using capacity planning > reports. http://scanmail.trustwave.com/?c=4062&d=zujm12PqzlI-rMIdy_JmyIOdtuJ8qcqIuTyxNjuNBQ&s=5&u=http%3a%2f%2fsdm%2elink%2fzohomanageengine > > _______________________________________________ > mod-security-developers mailing list > mod...@li...<mailto:mod...@li...> > http://scanmail.trustwave.com/?c=4062&d=zujm12PqzlI-rMIdy_JmyIOdtuJ8qcqIuWngOm3ZBA&s=5&u=https%3a%2f%2flists%2esourceforge%2enet%2flists%2flistinfo%2fmod-security-developers > ModSecurity Services from Trustwave's SpiderLabs: > https://www.trustwave.com/spiderLabs.php > > > -- > mailto:chr...@ne... > http://scanmail.trustwave.com/?c=4062&d=zujm12PqzlI-rMIdy_JmyIOdtuJ8qcqIuWi2Z27XVQ&s=5&u=http%3a%2f%2fwww%2echristian-folini%2ech > twitter: @ChrFolini > > ------------------------------------------------------------------------------ > What NetFlow Analyzer can do for you? Monitors network bandwidth and traffic > patterns at an interface-level. Reveals which users, apps, and protocols are > consuming the most bandwidth. Provides multi-vendor support for NetFlow, > J-Flow, sFlow and other flows. Make informed decisions using capacity planning > reports. http://scanmail.trustwave.com/?c=4062&d=zujm12PqzlI-rMIdy_JmyIOdtuJ8qcqIuTyxNjuNBQ&s=5&u=http%3a%2f%2fsdm%2elink%2fzohomanageengine > _______________________________________________ > mod-security-developers mailing list > mod...@li...<mailto:mod...@li...> > http://scanmail.trustwave.com/?c=4062&d=zujm12PqzlI-rMIdy_JmyIOdtuJ8qcqIuWngOm3ZBA&s=5&u=https%3a%2f%2flists%2esourceforge%2enet%2flists%2flistinfo%2fmod-security-developers > ModSecurity Services from Trustwave's SpiderLabs: > https://www.trustwave.com/spiderLabs.php > > ________________________________ > > This transmission may contain information that is privileged, confidential, and/or exempt from disclosure under applicable law. If you are not the intended recipient, you are hereby notified that any disclosure, copying, distribution, or use of the information contained herein (including any reliance thereon) is strictly prohibited. If you received this transmission in error, please immediately contact the sender and destroy the material in its entirety, whether in electronic or hard copy format. > ------------------------------------------------------------------------------ > What NetFlow Analyzer can do for you? Monitors network bandwidth and traffic > patterns at an interface-level. Reveals which users, apps, and protocols are > consuming the most bandwidth. Provides multi-vendor support for NetFlow, > J-Flow, sFlow and other flows. Make informed decisions using capacity planning > reports. http://sdm.link/zohomanageengine > _______________________________________________ > mod-security-developers mailing list > mod...@li... > https://lists.sourceforge.net/lists/listinfo/mod-security-developers > ModSecurity Services from Trustwave's SpiderLabs: > https://www.trustwave.com/spiderLabs.php -- mailto:chr...@ne... http://www.christian-folini.ch twitter: @ChrFolini |
