Re: [Mod-security-developers] Question regarding transaction::processConnection()
Brought to you by:
victorhora,
zimmerletw
From: Felipe C. <FC...@tr...> - 2018-03-07 20:28:20
|
Hi Jai, In that specific case, those are the representation of SecMarkers. Br., Felipe “Zimmerle” Costa Security Researcher, Lead Developer ModSecurity. Trustwave | SMART SECURITY ON DEMAND www.trustwave.com<http://www.trustwave.com/> From: Jai Harpalani <jai...@mu...> Date: Wednesday, March 7, 2018 at 12:16 PM To: Felipe Costa <FC...@tr...> Cc: "mod...@li..." <mod...@li...> Subject: Re: [Mod-security-developers] Question regarding transaction::processConnection() Using version 3.0.0 of libModSecurity. Below is output after each set of OWASP CRS rules are added. As you can see, some rules are added to Phase 0 after each CRS rule set is added. I am not sure what these rules do. what> modSecShowRules Rules: Phase: 0 (0 rules) Phase: 1 (0 rules) Phase: 2 (0 rules) Phase: 3 (0 rules) Phase: 4 (0 rules) Phase: 5 (0 rules) Phase: 6 (0 rules) Phase: 7 (0 rules) what> modSecAddRules -p /opt/esg/current/runtime/owasp-modsecurity-crs/modsecurity.conf what> modSecShowRules Rules: Phase: 0 (0 rules) Phase: 1 (0 rules) Phase: 2 (2 rules) Rule ID: 200000--0x561d935fce20 Rule ID: 200001--0x561d935fd430 Phase: 3 (4 rules) Rule ID: 200002--0x561d935d0690 Rule ID: 200003--0x561d93642530 Rule ID: 200004--0x561d93642d60 Rule ID: 200005--0x561d935d6160 Phase: 4 (0 rules) Phase: 5 (0 rules) Phase: 6 (0 rules) Phase: 7 (0 rules) what> modSecAddRules -p /opt/esg/current/runtime/owasp-modsecurity-crs/crs-setup.conf what> modSecShowRules Rules: Phase: 0 (0 rules) Phase: 1 (0 rules) Phase: 2 (4 rules) Rule ID: 200000--0x561d935fce20 Rule ID: 200001--0x561d935fd430 Rule ID: 900950--0x561d935d62c0 Rule ID: 900990--0x561d935d66a0 Phase: 3 (4 rules) Rule ID: 200002--0x561d935d0690 Rule ID: 200003--0x561d93642530 Rule ID: 200004--0x561d93642d60 Rule ID: 200005--0x561d935d6160 Phase: 4 (0 rules) Phase: 5 (0 rules) Phase: 6 (0 rules) Phase: 7 (0 rules) what> modSecAddRules -p /opt/esg/current/runtime/owasp-modsecurity-crs/rules/REQUEST-901-INITIALIZATION.conf what> modSecShowRules Rules: Phase: 0 (1 rules) Rule ID: 0--0x561d92adf2a0 Phase: 1 (1 rules) Rule ID: 0--0x561d92adf3b0 Phase: 2 (39 rules) (..) Phase: 3 (5 rules) Rule ID: 200002--0x561d935d0690 Rule ID: 200003--0x561d93642530 Rule ID: 200004--0x561d93642d60 Rule ID: 200005--0x561d935d6160 Rule ID: 0--0x561d92adf5d0 Phase: 4 (1 rules) Rule ID: 0--0x561d92adf6e0 Phase: 5 (1 rules) Rule ID: 0--0x561d92adf7f0 Phase: 6 (1 rules) Rule ID: 0--0x561d92b7def0 Phase: 7 (0 rules) what> what> modSecAddRules -p /opt/esg/current/runtime/owasp-modsecurity-crs/rules/REQUEST-913-SCANNER-DETECTION.conf what> modSecShowRules Rules: Phase: 0 (2 rules) Rule ID: 0--0x561d92adf2a0 Rule ID: 0--0x561d93599630 Phase: 1 (2 rules) Rule ID: 0--0x561d92adf3b0 Rule ID: 0--0x561d93599760 Phase: 2 (49 rules) (..) Rule ID: 0--0x561d93599da0 Phase: 7 (0 rules) what> modSecAddRules -p /opt/esg/current/runtime/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf what> modSecShowRules Rules: Phase: 0 (4 rules) Rule ID: 0--0x561d92adf2a0 Rule ID: 0--0x561d93599630 Rule ID: 0--0x561d935bc6b0 Rule ID: 0--0x561d92dface0 Phase: 1 (4 rules) Rule ID: 0--0x561d92adf3b0 Rule ID: 0--0x561d93599760 (…) |