Re: [mod-security-users] crs ruleset and trace method?
Brought to you by:
victorhora,
zimmerletw
Menu
▾
▴
Re: [mod-security-users] crs ruleset and trace method?
|
From: Osama E. <oel...@gm...> - 2018-03-21 10:21:04
|
For Apache 2, add the following to Apache’s configuration: TraceEnable Off nginx: use limit_except - https://nginx.org/en/docs/http/ngx_http_core_module.html#limit_except -- Osama Elnaggar On March 21, 2018 at 9:13:52 PM, Eero Volotinen (eer...@ik...) wrote: Not enought familiar with modsecurity. Just wondering, that there is no any rule to block trace in crs. is there easy way to implement that? -- Eero On Wed, Mar 21, 2018 at 11:53 AM, Christian Folini < chr...@ne...> wrote: > Hey Eero, > > The TRACE method is somewhat special. At least in Apache. The request > skips phase 2 and thus the CRS rule covering tx.allowed_methods. > > There are discussions to move this block of rules to phase 1 though. > https://github.com/SpiderLabs/owasp-modsecurity-crs/issues/1015 > > You may want to chime in there. > > Ahoj, > > Christian > > On Wed, Mar 21, 2018 at 09:15:52AM +0200, Eero Volotinen wrote: > > Hi, > > > > Just noticed that crs ruleset is not blocking trace method, even > > setvar:'tx.allowed_methods=GET POST'" > > > > Is this a bug? > > > > Eero > > > ------------------------------------------------------------ > ------------------ > > Check out the vibrant tech community on one of the world's most > > engaging tech sites, Slashdot.org! http://sdm.link/slashdot > > > _______________________________________________ > > mod-security-users mailing list > > mod...@li... > > https://lists.sourceforge.net/lists/listinfo/mod-security-users > > Commercial ModSecurity Rules and Support from Trustwave's SpiderLabs: > > http://www.modsecurity.org/projects/commercial/rules/ > > http://www.modsecurity.org/projects/commercial/support/ > > > -- > https://www.feistyduck.com/training/modsecurity-training-course > https://www.feistyduck.com/books/modsecurity-handbook/ > mailto:chr...@ne... > twitter: @ChrFolini > > ------------------------------------------------------------ > ------------------ > Check out the vibrant tech community on one of the world's most > engaging tech sites, Slashdot.org! http://sdm.link/slashdot > _______________________________________________ > mod-security-users mailing list > mod...@li... > https://lists.sourceforge.net/lists/listinfo/mod-security-users > Commercial ModSecurity Rules and Support from Trustwave's SpiderLabs: > http://www.modsecurity.org/projects/commercial/rules/ > http://www.modsecurity.org/projects/commercial/support/ > ------------------------------------------------------------------------------ Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot_______________________________________________ mod-security-users mailing list mod...@li... https://lists.sourceforge.net/lists/listinfo/mod-security-users Commercial ModSecurity Rules and Support from Trustwave's SpiderLabs: http://www.modsecurity.org/projects/commercial/rules/ http://www.modsecurity.org/projects/commercial/support/ |
