Re: [mod-security-users] crs ruleset and trace method?
Brought to you by:
victorhora,
zimmerletw
Menu
▾
▴
Re: [mod-security-users] crs ruleset and trace method?
|
From: Eero V. <eer...@ik...> - 2018-03-21 10:11:32
|
Not enought familiar with modsecurity. Just wondering, that there is no any rule to block trace in crs. is there easy way to implement that? -- Eero On Wed, Mar 21, 2018 at 11:53 AM, Christian Folini < chr...@ne...> wrote: > Hey Eero, > > The TRACE method is somewhat special. At least in Apache. The request > skips phase 2 and thus the CRS rule covering tx.allowed_methods. > > There are discussions to move this block of rules to phase 1 though. > https://github.com/SpiderLabs/owasp-modsecurity-crs/issues/1015 > > You may want to chime in there. > > Ahoj, > > Christian > > On Wed, Mar 21, 2018 at 09:15:52AM +0200, Eero Volotinen wrote: > > Hi, > > > > Just noticed that crs ruleset is not blocking trace method, even > > setvar:'tx.allowed_methods=GET POST'" > > > > Is this a bug? > > > > Eero > > > ------------------------------------------------------------ > ------------------ > > Check out the vibrant tech community on one of the world's most > > engaging tech sites, Slashdot.org! http://sdm.link/slashdot > > > _______________________________________________ > > mod-security-users mailing list > > mod...@li... > > https://lists.sourceforge.net/lists/listinfo/mod-security-users > > Commercial ModSecurity Rules and Support from Trustwave's SpiderLabs: > > http://www.modsecurity.org/projects/commercial/rules/ > > http://www.modsecurity.org/projects/commercial/support/ > > > -- > https://www.feistyduck.com/training/modsecurity-training-course > https://www.feistyduck.com/books/modsecurity-handbook/ > mailto:chr...@ne... > twitter: @ChrFolini > > ------------------------------------------------------------ > ------------------ > Check out the vibrant tech community on one of the world's most > engaging tech sites, Slashdot.org! http://sdm.link/slashdot > _______________________________________________ > mod-security-users mailing list > mod...@li... > https://lists.sourceforge.net/lists/listinfo/mod-security-users > Commercial ModSecurity Rules and Support from Trustwave's SpiderLabs: > http://www.modsecurity.org/projects/commercial/rules/ > http://www.modsecurity.org/projects/commercial/support/ > |
