Re: [mod-security-users] Sanitize JSON Request / Response
From: Robert P. <rpa...@fe...> - 2018-03-20 18:41:20
Whups, wow, I really need to open my eyes :p The patch above allows for sanitizing JSON request bodies only when SecAuditLogFormat is *also* set to JSON. I've pushed up https://github.com/SpiderLabs/ModSecurity/pull/1714 which enables sanitization of JSON request bodies in native audit log formats.

On Thu, Mar 15, 2018 at 1:07 PM, Osama Elnaggar <oel...@gm...> wrote:

> I don't think the proposed patch actually works. I tried patching v2.9.2
> with it and even using v2 master but with no success. Have you been able
> to get the patch working Robert?
>
> --
> Osama Elnaggar
>
> On March 15, 2018 at 11:06:37 AM, Robert Paprocki
> (rpaprocki@fearnothingproductions.net) wrote:
>
> Have a look at
>
> https://github.com/SpiderLabs/ModSecurity/commit/f86de566d18dda6351ecba52d5e5f1d29ad02a12
>
> JSON body audit log sanitization was only very recently introduced, it's
> not yet made its way to a formal release. (I need to check sources before
> opening my mouth :p).
>
> So you can rebuild ModSecurity off `v2/master` if you want to test this
> functionality. :)
>
> On Wed, Mar 14, 2018 at 4:47 PM, Cristiano Galdino <cri...@ga...>
> wrote:
>
>> Hello there!
>>
>> If modsecurity can parse the values of JSON payloads, why can not it
>> sanitize?
>>
>> This is non-sense for me.
>>
>> Look this request:
>> $> curl -H "Content-Type: application/json" -X POST -d '{"CVV":"123","blah":"/bin/bash"}' localhost/Authenticate
>>
>> and this is audit-log:
>>
>> --9eb5dc70-A--
>> [14/Mar/2018:20:37:35 --0300] WqmyP6wfJasAAFQJf@AAAAAS 127.0.0.1 53230 127.0.0.1 80
>> --9eb5dc70-B--
>> POST /Authenticate HTTP/1.1
>> Host: localhost
>> User-Agent: curl/7.47.0
>> Accept: */*
>> Content-Type: application/json
>> Content-Length: 36
>>
>> --9eb5dc70-C--
>> {"CVV":"123","blah":"/bin/bash"}
>> --9eb5dc70-E--
>> {"message":"Failed"}
>> --9eb5dc70-F--
>> HTTP/1.1 400 Bad Request
>> Access-Control-Allow-Origin: *
>> Content-Type: application/json
>> Content-Length: 190
>> X-Content-Type-Options: nosniff
>> X-Frame-Options: sameorigin
>> Connection: close
>>
>> --9eb5dc70-H--
>> Message: Warning. Matched phrase "bin/bash" at ARGS:blah. [file "/usr/share/modsecurity-crs/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"] [line "448"] [id "932160"] [rev "1"] [msg "Remote Command Execution: Unix Shell Code Found"] [data "Matched Data: bin/bash found within ARGS:blah: /bin/bash"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-shell"] [tag "platform-unix"] [tag "attack-rce"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"]
>> Message: Warning. Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "57"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"]
>> Message: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "73"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=5,PHPI=0,HTTP=0,SESS=0): Remote Command Execution: Unix Shell Code Found"] [tag "event-correlation"]
>> Apache-Handler: proxy-server
>> Stopwatch: 1521070655519139 8420 (- - -)
>> Stopwatch2: 1521070655519139 8420; combined=1400, p1=343, p2=801, p3=40, p4=129, p5=86, sr=35, sw=1, l=0, gc=0
>> Response-Body-Transformed: Dechunked
>> Producer: ModSecurity for Apache/2.9.0 (http://www.modsecurity.org/); OWASP_CRS/3.0.0.
>> Server: Apache/2.4.18
>> Sanitised-Args: "CVV".
>> Engine-Mode: "DETECTION_ONLY"
>>
>> --9eb5dc70-Z--
>>
>> Cristiano Galdino
>> (61) 9860 1 9860
>> cri...@ga...
>>
>> On 14 Mar 2018 19:05 -0300, Christian Folini <chr...@ne...>, wrote:
>>
>> Sorry, I was a bit quick to jump to that conclusion. Overlooked your
>> remark on JSON.
>>
>> I confirm this does not work.
>>
>> Sanitation is generally an issue as there is no sanitation in the alerts
>> written into the error-log. Even it is less severe as the audit log.
>>
>> Best,
>>
>> Christian
>>
>> On Wed, Mar 14, 2018 at 06:41:25PM -0300, Cristiano Galdino wrote:
>>
>> Yep! My application uses JSON payloads.
>> Christian, please try it:
>> $> curl -H "Content-Type: application/json" -X POST -d '{"cvv":"123"}' [1]http://localhost/?id=/bin/bash
>>
>> Cristiano Galdino
>> (61) 9860 1 9860
>> cri...@ga...
>>
>> On 14 Mar 2018 18:38 -0300, Robert Paprocki <rpa...@fe...>, wrote:
>>
>> Christian, you tested with an application/x-www-form-urlencoded
>> request; Christiano's use case involves JSON-encoded bodies.
>> I do not believe JSON request bodies can be translated into data
>> collections that can have sanitize actions applied on them at this
>> point.
>>
>> On Wed, Mar 14, 2018 at 2:34 PM, Christian Folini <[2]chr...@ne...> wrote:
>>
>> Hello Cristiano,
>> I did the following request:
>> $> curl localhost -d "CVV=0000-0000-0000-0000" -d "exec=/bin/bash"
>> and got the following audit-log when using CRS3 (parameter exec
>> triggering the writing of the audit log):
>> --a7997f3d-A--
>> [14/Mar/2018:22:29:03 +0100] WqmUH6r6pkVX9OUmJm3aggAAAAM 127.0.0.1 50058 127.0.0.1 40080
>> --a7997f3d-B--
>> POST / HTTP/1.1
>> Host: localhost
>> User-Agent: curl/7.50.1
>> Accept: */*
>> Content-Length: 38
>> Content-Type: application/x-www-form-urlencoded
>> --a7997f3d-C--
>> CVV=*******************&exec=/bin/bash
>> --a7997f3d-F--
>> HTTP/1.1 200 OK
>> Last-Modified: Sun, 17 Dec 2017 11:08:45 GMT
>> ETag: "2d-5608741dac6fd"
>> Accept-Ranges: bytes
>> Content-Length: 45
>> Content-Type: text/html
>> ...
>> I'm running ModSec 2.9.2 on Apache 2.4.29, both self compiled according
>> to the tutorials on [3]netnea.com.
>> My ModSec Configuration:
>> ------------------------------------------------------------------------------
>> SecRuleEngine On
>> SecRequestBodyAccess On
>> SecRequestBodyLimit 10000000
>> SecRequestBodyNoFilesLimit 64000
>> SecResponseBodyAccess On
>> SecResponseBodyLimit 10000000
>> SecTmpDir /tmp/
>> SecDataDir /tmp/
>> SecUploadDir /tmp/
>> SecDebugLog /apache/logs/modsec_debug.log
>> SecDebugLogLevel 3
>> SecAuditEngine RelevantOnly
>> SecAuditLogRelevantStatus "^(?:5|4(?!04))"
>> SecAuditLogParts ABEFHIJZ
>> SecAuditLogType Concurrent
>> SecAuditLog /apache/logs/modsec_audit.log
>> SecAuditLogStorageDir /apache/logs/audit/
>> SecPcreMatchLimit 500000
>> SecPcreMatchLimitRecursion 500000
>> SecDefaultAction "phase:2,pass,log"
>> # == ModSec Rule ID Namespace Definition
>> # Service-specific before Core-Rules: 10000 - 49999
>> # Service-specific after Core-Rules: 50000 - 79999
>> # Locally shared rules: 80000 - 99999
>> # - Performance: 90000 - 90199
>> # Recommended ModSec Rules (few): 200000 - 200010
>> # OWASP Core-Rules: 900000 - 999999
>> # === ModSec timestamps at the start of each phase (ids: 90000 - 90009)
>> SecAction "id:'90000',phase:1,nolog,pass,setvar:TX.ModSecTimestamp1start=%{DURATION}"
>> SecAction "id:'90001',phase:2,nolog,pass,setvar:TX.ModSecTimestamp2start=%{DURATION}"
>> SecAction "id:'90002',phase:3,nolog,pass,setvar:TX.ModSecTimestamp3start=%{DURATION}"
>> SecAction "id:'90003',phase:4,nolog,pass,setvar:TX.ModSecTimestamp4start=%{DURATION}"
>> SecAction "id:'90004',phase:5,nolog,pass,setvar:TX.ModSecTimestamp5start=%{DURATION}"
>> # SecRule REQUEST_FILENAME "@beginsWith /" "id:'90005',phase:5,t:none,nolog,noauditlog,pass,setenv:write_perflog"
>> # === ModSec Recommended Rules (in modsec src package) (ids: 200000-200010)
>> SecRule REQUEST_HEADERS:Content-Type "text/xml" "id:'200000',phase:1,t:none,t:lowercase,pass,nolog,ctl:requestBodyProcessor=XML"
>> SecRule REQBODY_ERROR "!@eq 0" "id:'200001',phase:2,t:none,deny,status:400,log,msg:'Failed to parse request body.',\
>> logdata:'%{reqbody_error_msg}',severity:2"
>> SecRule MULTIPART_STRICT_ERROR "!@eq 0" \
>> "id:'200002',phase:2,t:none,log,deny,status:403, \
>> msg:'Multipart request body failed strict validation: \
>> PE %{REQBODY_PROCESSOR_ERROR}, \
>> BQ %{MULTIPART_BOUNDARY_QUOTED}, \
>> BW %{MULTIPART_BOUNDARY_WHITESPACE}, \
>> DB %{MULTIPART_DATA_BEFORE}, \
>> DA %{MULTIPART_DATA_AFTER}, \
>> HF %{MULTIPART_HEADER_FOLDING}, \
>> LF %{MULTIPART_LF_LINE}, \
>> SM %{MULTIPART_MISSING_SEMICOLON}, \
>> IQ %{MULTIPART_INVALID_QUOTING}, \
>> IP %{MULTIPART_INVALID_PART}, \
>> IH %{MULTIPART_INVALID_HEADER_FOLDING}, \
>> FL %{MULTIPART_FILE_LIMIT_EXCEEDED}'"
>> SecRule TX:/^MSC_/ "!@streq 0" "id:'200004',phase:2,t:none,deny,status:500,msg:'ModSecurity internal error flagged: %{MATCHED_VAR_NAME}'"
>> # === ModSecurity Rules (ids: 900000-999999)
>> # === ModSec Core Rules Base Configuration (ids: 900001-900021)
>> Include /home/dune73/data/git/crs-official/crs-setup.conf.example
>> SecAction "id:900111,phase:1,nolog,pass,t:none,setvar:tx.inbound_anomaly_score_threshold=500,setvar:tx.outbound_anomaly_score_threshold=500"
>> SecAction "id:'900000',phase:1,nolog,pass,t:none,setvar:tx.paranoia_level=4"
>> # === ModSecurity Ignore Rules Before Core Rules Inclusion; order by id of ignored rule (ids: 10000-49999)
>> # SecRule ARGS:a "." "id:1001,phase:2,pass,log,msg:'XXX1: %{MATCHED_VAR}'"
>> # SecRule ARGS_GET:a "." "id:1002,phase:2,pass,log,msg:'XXX2: %{MATCHED_VAR}'"
>> # SecRule ARGS_POST:a "." "id:1003,phase:2,pass,log,msg:'XXX3: %{MATCHED_VAR}'"
>> # SecRule REQUEST_URI "." "id:1004,phase:2,pass,log,msg:'XXX4: %{MATCHED_VAR}'"
>> # SecRule REQUEST_HEADERS:User-Agent "." "id:1005,phase:2,pass,log,msg:'XXX5: %{MATCHED_VAR}'"
>> SecRule ARGS:b "." "id:1006,phase:2,pass,log,auditlog,msg:'XXX6: %{MATCHED_VAR}'"
>> SecAction "nolog,phase:2,id:101,sanitiseArg:CVV"
>> SecAction "nolog,phase:4,id:102,sanitiseArg:CVV_Reponse"
>> # === ModSecurity Core Rules Inclusion
>> Include /home/dune73/data/git/crs-official/rules/*.conf
>> # === ModSec Core Rules: Startup Time Rules Exclusions
>> # === ModSec timestamps at the end of each phase (ids: 90010 - 90019)
>> SecAction "id:'90010',phase:1,pass,nolog,setvar:TX.ModSecTimestamp1end=%{DURATION}"
>> SecAction "id:'90011',phase:2,pass,nolog,setvar:TX.ModSecTimestamp2end=%{DURATION}"
>> SecAction "id:'90012',phase:3,pass,nolog,setvar:TX.ModSecTimestamp3end=%{DURATION}"
>> SecAction "id:'90013',phase:4,pass,nolog,setvar:TX.ModSecTimestamp4end=%{DURATION}"
>> SecAction "id:'90014',phase:5,pass,nolog,setvar:TX.ModSecTimestamp5end=%{DURATION}"
>> # === ModSec performance calculations and variable export (ids: 90100 - 90199)
>> SecAction "id:'90100',phase:5,pass,nolog,setvar:TX.perf_modsecinbound=%{PERF_PHASE1}"
>> SecAction "id:'90101',phase:5,pass,nolog,setvar:TX.perf_modsecinbound=+%{PERF_PHASE2}"
>> SecAction "id:'90102',phase:5,pass,nolog,setvar:TX.perf_application=%{TX.ModSecTimestamp3start}"
>> SecAction "id:'90103',phase:5,pass,nolog,setvar:TX.perf_application=-%{TX.ModSecTimestamp2end}"
>> SecAction "id:'90104',phase:5,pass,nolog,setvar:TX.perf_modsecoutbound=%{PERF_PHASE3}"
>> SecAction "id:'90105',phase:5,pass,nolog,setvar:TX.perf_modsecoutbound=+%{PERF_PHASE4}"
>> SecAction "id:'90106',phase:5,pass,nolog,setenv:ModSecTimeIn=%{TX.perf_modsecinbound}"
>> SecAction "id:'90107',phase:5,pass,nolog,setenv:ApplicationTime=%{TX.perf_application}"
>> SecAction "id:'90108',phase:5,pass,nolog,setenv:ModSecTimeOut=%{TX.perf_modsecoutbound}"
>> SecAction "id:'90109',phase:5,pass,nolog,setenv:ModSecAnomalyScoreIn=%{TX.anomaly_score}"
>> SecAction "id:'90110',phase:5,pass,nolog,setenv:ModSecAnomalyScoreOut=%{TX.outbound_anomaly_score}"
>> # === End ModSec Configuration
>> ------------------------------------------------------------------------------
>> So I think this generally works. If it does not for you, then please
>> try and reproduce the behaviour on the latest ModSec version of the 2.9
>> series and open a bug report in case.
>> Ahoj,
>> Christian
>>
>> On Wed, Mar 14, 2018 at 06:13:04PM -0300, Cristiano Galdino wrote:
>>
>> Hi Christian!
>> Modsecurity: 2.9.0-1 (from Ubuntu repository)
>> Apache 2.4.18-2ubuntu3.5
>> Tks!
>>
>> Cristiano Galdino
>> [4]cri...@ga...
>>
>> On 14 Mar 2018 17:55 -0300, Christian Folini <[5]chr...@ne...>, wrote:
>>
>> Hello Christiano,
>> What platform are you using? (-> ModSec version, Apache / NGINX / IIS?)
>> Ahoj,
>> Christian
>>
>> On Wed, Mar 14, 2018 at 05:06:28PM -0300, Cristiano Galdino wrote:
>>
>> Hello!
>> I created a rule in ModSecurity to sanitize param CVV (credit card) but
>> it is not working.
>> Samples:
>> SecAction "nolog,phase:2,id:101,sanitiseArg:CVV"
>> SecAction "nolog,phase:4,id:102,sanitiseArg:CVV_Reponse"
>> This prevents me from using modsecurity because PCI does not allow CVV
>> to be stored.
>> I found this issue without response.
>> [1][6]https://github.com/SpiderLabs/ModSecurity/issues/715
>> What can I do?
>> Cristiano Galdino
>> [7]cri...@ga...
>> References
>> 1. [8]https://github.com/SpiderLabs/ModSecurity/issues/715
>>
>> ------------------------------------------------------------------------------
>> Check out the vibrant tech community on one of the world's most
>> engaging tech sites, Slashdot.org! [9]http://sdm.link/slashdot
>> _______________________________________________
>> mod-security-users mailing list
>> [10]mod...@li...
>> [11]https://lists.sourceforge.net/lists/listinfo/mod-security-users
>> Commercial ModSecurity Rules and Support from Trustwave's SpiderLabs:
>> [12]http://www.modsecurity.org/projects/commercial/rules/
>> [13]http://www.modsecurity.org/projects/commercial/support/
>>
>> --
>> [14]https://www.feistyduck.com/training/modsecurity-training-course
>> [15]https://www.feistyduck.com/books/modsecurity-handbook/
>> mailto:[16]chr...@ne...
>> twitter: @ChrFolini
>>
>> References
>>
>> 1. http://localhost:3000/api/login
>> 2. mailto:chr...@ne...
>> 3. http://netnea.com/
>> 4. mailto:cri...@ga...
>> 5. mailto:chr...@ne...
>> 6. https://github.com/SpiderLabs/ModSecurity/issues/715
>> 7. mailto:cri...@ga...
>> 8. https://github.com/SpiderLabs/ModSecurity/issues/715
>> 9. http://sdm.link/slashdot
>> 10. mailto:mod...@li...
>> 11. https://lists.sourceforge.net/lists/listinfo/mod-security-users
>> 12. http://www.modsecurity.org/projects/commercial/rules/
>> 13. http://www.modsecurity.org/projects/commercial/support/
>> 14. https://www.feistyduck.com/training/modsecurity-training-course
>> 15. https://www.feistyduck.com/books/modsecurity-handbook/
>> 16. mailto:chr...@ne...
>> 17. http://sdm.link/slashdot
>> 18. mailto:mod...@li...
>> 19. https://lists.sourceforge.net/lists/listinfo/mod-security-users
>> 20. http://www.modsecurity.org/projects/commercial/rules/
>> 21. http://www.modsecurity.org/projects/commercial/support/
>> 22. http://sdm.link/slashdot
>> 23. mailto:mod...@li...
>> 24. https://lists.sourceforge.net/lists/listinfo/mod-security-users
>> 25. http://www.modsecurity.org/projects/commercial/rules/
>> 26. http://www.modsecurity.org/projects/commercial/support/
>> 27. https://www.feistyduck.com/training/modsecurity-training-course
>> 28. https://www.feistyduck.com/books/modsecurity-handbook/
>> 29. mailto:chr...@ne...
>> 30. http://sdm.link/slashdot
>> 31. mailto:mod...@li...
>> 32. https://lists.sourceforge.net/lists/listinfo/mod-security-users
>> 33. http://www.modsecurity.org/projects/commercial/rules/
>> 34. http://www.modsecurity.org/projects/commercial/support/
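
Added example, not part of the thread and not ModSecurity code: a check that reads a native-format audit log and reports JSON fields that are named in Sanitised-Args (or passed in by the operator) but still appear in clear in part C, which is the condition the log quoted above shows. The function names, the second log entry, and matching a name against either the leaf key or the dotted path without regard to case are assumptions of this sketch.

```python
import json
import re

BOUNDARY = re.compile(r"^--([0-9a-fA-F]+)-([A-Z])--\s*$")
BARE_MASK = re.compile(r'(:\s*)(\*+)(?=\s*[,}\]])')  # masked number: {"CVV":***}

# Constructed sample. Entry 1 is trimmed from the log quoted in the thread
# (parts A, C, H, Z); entry 2 is made up: a nested, numeric CVV that was masked.
SAMPLE_LOG = """\
--9eb5dc70-A--
[14/Mar/2018:20:37:35 --0300] WqmyP6wfJasAAFQJf@AAAAAS 127.0.0.1 53230 127.0.0.1 80
--9eb5dc70-C--
{"CVV":"123","blah":"/bin/bash"}
--9eb5dc70-H--
Sanitised-Args: "CVV".
--9eb5dc70-Z--
--aaaa0001-A--
--aaaa0001-C--
{"card":{"CVV":***},"user":"bob"}
--aaaa0001-H--
Sanitised-Args: "CVV".
--aaaa0001-Z--
"""

def split_parts(text):
    """Yield (txn_id, {part_letter: body}) per transaction of a serial audit log."""
    parts, current = {}, None
    for line in text.splitlines():
        m = BOUNDARY.match(line)
        if not m:
            if current:
                parts[current].append(line)
        elif m.group(2) == "Z":  # end marker closes the transaction
            yield m.group(1), {k: "\n".join(v).strip() for k, v in parts.items()}
            parts, current = {}, None
        else:
            current = m.group(2)
            parts[current] = []

def leaves(node, path=""):
    # Walk a parsed JSON body and yield (dotted_path, value) for every scalar.
    if isinstance(node, dict):
        for key, val in node.items():
            yield from leaves(val, f"{path}.{key}" if path else key)
    elif isinstance(node, list):
        for val in node:
            yield from leaves(val, path)
    else:
        yield path, node

def unsanitised_fields(text, extra_names=()):
    """Return (txn_id, path) for named JSON fields that part C still shows in clear."""
    findings = []
    for txn_id, parts in split_parts(text):
        listed = re.search(r"^Sanitised-Args:(.*)$", parts.get("H", ""), re.M)
        names = set(re.findall(r'"([^"]+)"', listed.group(1).lower())) if listed else set()
        names |= {n.lower() for n in extra_names}
        try:  # quote bare asterisk runs first so a masked number still parses
            body = json.loads(BARE_MASK.sub(r'\1"\2"', parts.get("C", "")))
        except ValueError:
            continue  # form-encoded or other non-JSON body: nothing to compare
        for path, val in leaves(body):
            hit = path.lower() in names or path.rsplit(".", 1)[-1].lower() in names
            if hit and val not in (None, "") and set(str(val)) != {"*"}:
                findings.append((txn_id, path))
    return findings
```

Passing extra_names lets the same check cover fields that policy says must never be stored even when no sanitiseArg rule lists them.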