Re: [Mod-security-developers] Directive Names in NginX and IIS
From: Felipe C. <FC...@tr...> - 2016-09-05 15:52:13
Hi Christian,

On 9/5/16, 11:14 AM, "Christian Folini" <chr...@ne...> wrote:
(…)
>With Apache, it is the Apache directive parser which guarantees that
>directives are case insensitive. So I was not sure for the other
>cases. But you confirm it's the same with IIS and nginX (and
>libmodsec, where you made sure it works consistently)?
>

For the Apache version, like you cited, we use the Apache parser. For the standalone modules (2.x family) we use a standalone parser, which is basically the same thing as Apache does: [1]. The libmodsecurity implementation is the most different one, that involves a grammar.

I would say that if one specific version is acting differently from the others we have a bug. Since the Apache is the first one, we have to respect what we have there.

[1] https://github.com/SpiderLabs/ModSecurity/blob/master/standalone/config.c

Br.,
Felipe “Zimmerle” Costa
Security Researcher, Lead Developer ModSecurity.

Trustwave | SMART SECURITY ON DEMAND
www.trustwave.com <http://www.trustwave.com/>

________________________________

This transmission may contain information that is privileged, confidential, and/or exempt from disclosure under applicable law. If you are not the intended recipient, you are hereby notified that any disclosure, copying, distribution, or use of the information contained herein (including any reliance thereon) is strictly prohibited. If you received this transmission in error, please immediately contact the sender and destroy the material in its entirety, whether in electronic or hard copy format.