Re: [mod-security-users] crs ruleset and trace method?
From: Christian F. <chr...@ne...> - 2018-03-21 10:25:20
Hello Eero,

On Wed, Mar 21, 2018 at 12:11:15PM +0200, Eero Volotinen wrote:
> Just wondering, that there is no any rule to block trace in crs. is there
> easy way to implement that?

You can block TRACE in 3 ways in Apache:

- TraceEnable Off (-> This is the default in 2.4)
- mod_allowmethods (never did this with TRACE. Maybe it has special
  treatment. better check.)
- Write ModSec Rule in phase 1 (Take existing CRS rule as a base or look at
  ModSec integration tutorial at netnea.com and take the method check in the
  whitelisting example)

Cheers,

Christian

>
> --
> Eero
>
> On Wed, Mar 21, 2018 at 11:53 AM, Christian Folini <chr...@ne...> wrote:
>
> > Hey Eero,
> >
> > The TRACE method is somewhat special. At least in Apache. The request
> > skips phase 2 and thus the CRS rule covering tx.allowed_methods.
> >
> > There are discussions to move this block of rules to phase 1 though.
> > https://github.com/SpiderLabs/owasp-modsecurity-crs/issues/1015
> >
> > You may want to chime in there.
> >
> > Ahoj,
> >
> > Christian
> >
> > On Wed, Mar 21, 2018 at 09:15:52AM +0200, Eero Volotinen wrote:
> > > Hi,
> > >
> > > Just noticed that crs ruleset is not blocking trace method, even
> > > setvar:'tx.allowed_methods=GET POST'"
> > >
> > > Is this a bug?
> > >
> > > Eero
> > >
> > > ------------------------------------------------------------------------------
> > > Check out the vibrant tech community on one of the world's most
> > > engaging tech sites, Slashdot.org! http://sdm.link/slashdot
> > > _______________________________________________
> > > mod-security-users mailing list
> > > mod...@li...
> > > https://lists.sourceforge.net/lists/listinfo/mod-security-users
> > > Commercial ModSecurity Rules and Support from Trustwave's SpiderLabs:
> > > http://www.modsecurity.org/projects/commercial/rules/
> > > http://www.modsecurity.org/projects/commercial/support/

--
https://www.feistyduck.com/training/modsecurity-training-course
https://www.feistyduck.com/books/modsecurity-handbook/
mailto:chr...@ne...
twitter: @ChrFolini
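The three options Christian lists, written out as Apache configuration. This is an added example, not configuration from the thread, the CRS project or netnea.com; the rule id, the Location path and the method list are constructed placeholders. The phase 1 rule is the one that matters for the problem raised in the thread: because Apache handles TRACE before phase 2 runs, the CRS tx.allowed_methods check in phase 2 never sees the request, so a phase 1 rule is needed if you want ModSecurity (rather than core Apache) to do the blocking and log it.

```apache
# Added example: three ways to block the TRACE method in Apache.
# Not from the thread; rule id, path and method list are placeholders.

# 1. Core Apache: refuse TRACE server-wide. Off is already the
#    default in Apache 2.4; setting it explicitly documents the intent.
#    Apache rejects the request itself, so no ModSecurity rule fires
#    and nothing lands in the ModSecurity audit log.
TraceEnable Off

# 2. mod_allowmethods: whitelist methods for a location (module must be
#    loaded). Per the Apache documentation for this module, TRACE is not
#    controlled by AllowMethods and TraceEnable must be used for it, which
#    matches the "special treatment" caveat in the thread. Keep this for
#    the other methods only.
<Location "/">
    AllowMethods GET POST HEAD OPTIONS
</Location>

# 3. ModSecurity rule in phase 1 (request headers). Phase 1 is evaluated
#    before Apache's TRACE handling skips phase 2, so unlike the CRS
#    tx.allowed_methods rule (phase 2) this one actually sees the request.
#    Rule id 9001001 is a constructed placeholder: use an id from a range
#    reserved for your own local rules so it cannot collide with CRS ids.
SecRule REQUEST_METHOD "@streq TRACE" \
    "id:9001001,\
    phase:1,\
    t:none,\
    deny,\
    status:405,\
    log,\
    msg:'TRACE method not allowed (blocked in phase 1)',\
    tag:'local/method-restriction'"
```

To check which option is actually in effect, send a single TRACE request to your own server and look at where it is recorded: with option 1 or 2 the 405 appears only in the Apache access and error logs, while with option 3 the ModSecurity audit log also carries an entry for id 9001001, which is what you want if the CRS anomaly-scoring and alerting pipeline is supposed to see method violations.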