Re: [mod-security-users] ModSecurity phase timing
Brought to you by:
victorhora,
zimmerletw
Menu
▾
▴
Re: [mod-security-users] ModSecurity phase timing
|
From: Robert P. <rpa...@fe...> - 2018-03-26 16:15:54
|
Yes but how do you correlate this to a specific, known request? And what is to be done with rulesets that rely on phase timing data? Are they unsupported forever? > On Mar 26, 2018, at 08:52, Felipe Costa <FC...@tr...> wrote: > > Hi, > > > > On 3/23/18, 5:29 PM, "Christian Folini" <chr...@ne...> wrote: > > > > Hey Zimmerle, > > > > That makes sense, but I think it does not hold up when you look closer. > > > > Why do you think so? > > > > Correct me if I am wrong, but correlating stap with an individual request > > is much more difficult than saving the perf-data out of ModSec directly > > into the access-log (Apache / ModSec 2.9) or error-log (NGINX / ModSec 3.0). > > IMHO it is easy as there is no file to be parsed. > > (…) > > > Br., > Felipe “Zimmerle” Costa > Security Researcher, Lead Developer ModSecurity. > Trustwave | SMART SECURITY ON DEMAND > www.trustwave.com <http://www.trustwave.com/> > > ------------------------------------------------------------------------------ > Check out the vibrant tech community on one of the world's most > engaging tech sites, Slashdot.org! http://sdm.link/slashdot > _______________________________________________ > mod-security-users mailing list > mod...@li... > https://lists.sourceforge.net/lists/listinfo/mod-security-users > Commercial ModSecurity Rules and Support from Trustwave's SpiderLabs: > http://www.modsecurity.org/projects/commercial/rules/ > http://www.modsecurity.org/projects/commercial/support/ |
