Re: [mod-security-users] Sanitize JSON Request / Response
Brought to you by:
victorhora,
zimmerletw
Menu
▾
▴
Re: [mod-security-users] Sanitize JSON Request / Response
|
From: Osama E. <oel...@gm...> - 2018-04-04 10:48:46
|
Hi Robert, Sorry for the late reply. I was a little busy the past 2 weeks. I just retested it (on 2.9.2 + manually patching the two files mentioned here - https://github.com/SpiderLabs/ModSecurity/pull/1714/files) It looks like: - it works if the output format (SecAuditLogFormat) is JSON - it doesn't work if the output is Native For example, with the following rule: SecAction "phase:5,id:22,nolog,pass,sanitiseArg:cvv" and the following request: curl -H "Content-Type: application/json" -X POST -d '{"cvv":"123"}' http://localhost/?id=/bin/bash and SecAuditLogFormat JSON, I get the following: .. "body":["{\"cvv\":\"***\"}"]} .. while with normal native logging, I get the following: --c2397953-C-- {"cvv":"123"} In my previous email below, I was looking at native logging so it appeared that it wasn’t sanitizing the output. Thanks. -- Osama Elnaggar On March 21, 2018 at 11:19:51 AM, Robert Paprocki ( rpa...@fe...) wrote: Can you post a reproducible example (and what git commit you built against) to verify? Im afk and don't have access to my dev env but I did see that the current v2/master does sanitize args in json bodied noted with the "sanitizearg" rule action (assuming the body processing engine is configured appropriately of course) Sent from my iPhone On Mar 20, 2018, at 14:25, Osama Elnaggar <oel...@gm...> wrote: Are you sure about this? I tried it with the format set to JSON and it still didn’t work. If you are interesting in tackling this, below are some pointers Felipe sent a few months ago: The general idea is that the content to be sanitized is placed under an apt_trable that is further checked while the logs are being generated. For instance: regarding the request headers, we have the log generation detailed here: https://github.com/SpiderLabs/ModSecurity/blob/bb577950bf983811ff1892e87d815a1909c0b96b/apache2/msc_logging.c#L1211-L1236 As of the "sanitization selection”, we have: https://github.com/SpiderLabs/ModSecurity/blob/923c3c67938da4de4f7f147816b6d2d6ffff5e6f/apache2/re_actions.c#L1425-L1431 The sanitizeMatch is a little bit more complex, but still uses the same logic: https://github.com/SpiderLabs/ModSecurity/blob/923c3c67938da4de4f7f147816b6d2d6ffff5e6f/apache2/re_actions.c#L1350-L1423 All the sanitize actions are bound here - https://github.com/SpiderLabs/ModSecurity/blob/923c3c67938da4de4f7f147816b6d2d6ffff5e6f/apache2/re_actions.c#L2663-L2791 Both JSON and XML have their own structures to hold their data, as you can see: - JSON: https://github.com/SpiderLabs/ModSecurity/blob/923c3c67938da4de4f7f147816b6d2d6ffff5e6f/apache2/modsecurity.h#L391 - XML: https://github.com/SpiderLabs/ModSecurity/blob/923c3c67938da4de4f7f147816b6d2d6ffff5e6f/apache2/modsecurity.h#L389 -- Osama Elnaggar On March 21, 2018 at 5:41:12 AM, Robert Paprocki ( rpa...@fe...) wrote: Whups, wow, I really need to open my eyes :p The patch above allows for sanitizing JSON request bodies only when SecAuditLogFormat is *also* set to JSON. I've pushed up https://github.com/SpiderLabs/ModSecurity/pull/1714 which enables sanitization of JSON request bodies in native audit log formats. On Thu, Mar 15, 2018 at 1:07 PM, Osama Elnaggar <oel...@gm...> wrote: > I don't think the proposed patch actually works. I tried patching v2.9.2 > with it and even using v2 master but with no success. Have you been able > to get the patch working Robert? > > -- > Osama Elnaggar > > On March 15, 2018 at 11:06:37 AM, Robert Paprocki (rpaprocki@ > fearnothingproductions.net) wrote: > > Have a look at > > https://github.com/SpiderLabs/ModSecurity/commit/ > f86de566d18dda6351ecba52d5e5f1d29ad02a12 > > JSON body audit log sanitization was only very recently introduced, it's > not yet made its way to a formal release. (I need to check sources before > opening my mouth :p). > > So you can rebuild ModSecurity off `v2/master` if you want to test this > functionality. :) > > On Wed, Mar 14, 2018 at 4:47 PM, Cristiano Galdino <cri...@ga...> > wrote: > >> Hello there! >> >> If modsecurity can parse the values of JSON payloads, why can not it >> sanitize? >> >> This is non-sense for me. >> >> Look this request: >> $> curl -H "Content-Type: application/json" -X POST -d >> '{"CVV":"123","blah":"/bin/bash"}' localhost/Authenticate >> >> and this is audit-log: >> >> --9eb5dc70-A-- >> >> [14/Mar/2018:20:37:35 --0300] WqmyP6wfJasAAFQJf@AAAAAS 127.0.0.1 53230 >> 127.0.0.1 80 >> >> --9eb5dc70-B-- >> >> POST /Authenticate HTTP/1.1 >> >> Host: localhost >> >> User-Agent: curl/7.47.0 >> >> Accept: */* >> >> Content-Type: application/json >> >> Content-Length: 36 >> >> >> --9eb5dc70-C-- >> >> {"CVV":"123","blah":"/bin/bash"} >> >> --9eb5dc70-E-- >> >> {"message":"Failed"} >> >> --9eb5dc70-F-- >> >> HTTP/1.1 400 Bad Request >> >> Access-Control-Allow-Origin: * >> >> Content-Type: application/json >> >> Content-Length: 190 >> >> X-Content-Type-Options: nosniff >> >> X-Frame-Options: sameorigin >> >> Connection: close >> >> >> --9eb5dc70-H-- >> >> Message: Warning. Matched phrase "bin/bash" at ARGS:blah. [file >> "/usr/share/modsecurity-crs/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"] >> [line "448"] [id "932160"] [rev "1"] [msg "Remote Command Execution: Unix >> Shell Code Found"] [data "Matched Data: bin/bash found within ARGS:blah: >> /bin/bash"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] >> [accuracy "8"] [tag "application-multi"] [tag "language-shell"] [tag >> "platform-unix"] [tag "attack-rce"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] >> [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] >> >> Message: Warning. Operator GE matched 5 at TX:anomaly_score. [file >> "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] >> [line "57"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total >> Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag >> "language-multi"] [tag "platform-multi"] [tag "attack-generic"] >> >> Message: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. >> [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] >> [line "73"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total >> Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=5,PHPI=0,HTTP=0,SESS=0): >> Remote Command Execution: Unix Shell Code Found"] [tag "event-correlation"] >> >> Apache-Handler: proxy-server >> >> Stopwatch: 1521070655519139 8420 (- - -) >> >> Stopwatch2: 1521070655519139 8420; combined=1400, p1=343, p2=801, p3=40, >> p4=129, p5=86, sr=35, sw=1, l=0, gc=0 >> >> Response-Body-Transformed: Dechunked >> >> Producer: ModSecurity for Apache/2.9.0 (http://www.modsecurity.org/); >> OWASP_CRS/3.0.0. >> >> Server: Apache/2.4.18 >> >> Sanitised-Args: "CVV". >> >> Engine-Mode: "DETECTION_ONLY" >> >> >> --9eb5dc70-Z-- >> >> >> >> Cristiano Galdino >> (61) 9860 1 9860 >> cri...@ga... >> >> On 14 Mar 2018 19:05 -0300, Christian Folini <chr...@ne...>, >> wrote: >> >> Sorry, I was a bit quick to jump to that conclusion. Overlooked your >> remark >> on JSON. >> >> I confirm this does not work. >> >> Sanitation is generally an issue as there is no sanitation in the alerts >> written into the error-log. Even it is less severe as the audit log. >> >> Best, >> >> Christian >> >> >> On Wed, Mar 14, 2018 at 06:41:25PM -0300, Cristiano Galdino wrote: >> >> Yep! My application use JSON payloads. >> Christian, please try it: >> $> curl -H "Content-Type: application/json" -X POST -d '{"cvv”:"123"}' >> [1]http://localhost/?id=/bin/bash >> >> Cristiano Galdino >> (61) 9860 1 9860 >> cri...@ga... >> >> On 14 Mar 2018 18:38 -0300, Robert Paprocki >> <rpa...@fe...>, wrote: >> >> Christian, you tested with a application/x-www-form-urlencoded >> request; Christiano's use case involves JSON-encoded bodies. >> I do not believe JSON request bodies can be translated into data >> collections that can have sanitize actions applied on them at this >> point. >> >> On Wed, Mar 14, 2018 at 2:34 PM, Christian Folini >> <[2]chr...@ne...> wrote: >> >> Hello Cristiano, >> I did the following request: >> $> curl localhost -d "CVV=0000-0000-0000-0000" -d "exec=/bin/bash" >> and got the following audit-log when using CRS3 (parameter exec >> triggering >> the writing of the audit log): >> --a7997f3d-A-- >> [14/Mar/2018:22:29:03 +0100] WqmUH6r6pkVX9OUmJm3aggAAAAM 127.0.0.1 >> 50058 127.0.0.1 40080 >> --a7997f3d-B-- >> POST / HTTP/1.1 >> Host: localhost >> User-Agent: curl/7.50.1 >> Accept: */* >> Content-Length: 38 >> Content-Type: application/x-www-form-urlencoded >> --a7997f3d-C-- >> CVV=*******************&exec=/bin/bash >> --a7997f3d-F-- >> HTTP/1.1 200 OK >> Last-Modified: Sun, 17 Dec 2017 11:08:45 GMT >> ETag: "2d-5608741dac6fd" >> Accept-Ranges: bytes >> Content-Length: 45 >> Content-Type: text/html >> ... >> I'm running ModSec 2.9.2 on Apache 2.4.29, both self compiled >> according to >> the tutorials on [3]netnea.com. >> My ModSec Configuration: >> ------------------------------------------------------------ >> ------------------ >> SecRuleEngine On >> SecRequestBodyAccess On >> SecRequestBodyLimit 10000000 >> SecRequestBodyNoFilesLimit 64000 >> SecResponseBodyAccess On >> SecResponseBodyLimit 10000000 >> SecTmpDir /tmp/ >> SecDataDir /tmp/ >> SecUploadDir /tmp/ >> SecDebugLog /apache/logs/modsec_debug.log >> SecDebugLogLevel 3 >> SecAuditEngine RelevantOnly >> SecAuditLogRelevantStatus "^(?:5|4(?!04))" >> SecAuditLogParts ABEFHIJZ >> SecAuditLogType Concurrent >> SecAuditLog /apache/logs/modsec_audit.log >> SecAuditLogStorageDir /apache/logs/audit/ >> SecPcreMatchLimit 500000 >> SecPcreMatchLimitRecursion 500000 >> SecDefaultAction "phase:2,pass,log" >> # == ModSec Rule ID Namespace Definition >> # Service-specific before Core-Rules: 10000 - 49999 >> # Service-specific after Core-Rules: 50000 - 79999 >> # Locally shared rules: 80000 - 99999 >> # - Performance: 90000 - 90199 >> # Recommended ModSec Rules (few): 200000 - 200010 >> # OWASP Core-Rules: 900000 - 999999 >> # === ModSec timestamps at the start of each phase (ids: 90000 - >> 90009) >> SecAction "id:'90000',phase:1,nolog,pass,setvar:TX. >> ModSecTimestamp1start=%{DURATION}" >> SecAction "id:'90001',phase:2,nolog,pass,setvar:TX. >> ModSecTimestamp2start=%{DURATION}" >> SecAction "id:'90002',phase:3,nolog,pass,setvar:TX. >> ModSecTimestamp3start=%{DURATION}" >> SecAction "id:'90003',phase:4,nolog,pass,setvar:TX. >> ModSecTimestamp4start=%{DURATION}" >> SecAction "id:'90004',phase:5,nolog,pass,setvar:TX. >> ModSecTimestamp5start=%{DURATION}" >> # SecRule REQUEST_FILENAME "@beginsWith /" >> "id:'90005',phase:5,t:none,nolog,noauditlog,pass,setenv: >> write_perflog" >> # === ModSec Recommended Rules (in modsec src package) (ids: >> 200000-200010) >> SecRule REQUEST_HEADERS:Content-Type "text/xml" >> "id:'200000',phase:1,t:none,t:lowercase,pass,nolog,ctl: >> requestBodyProcessor=XML" >> SecRule REQBODY_ERROR "!@eq 0" "id:'200001',phase:2,t:none, >> deny,status:400,log,msg:'Failed to parse request body.',\ >> logdata:'%{reqbody_error_msg}',severity:2" >> SecRule MULTIPART_STRICT_ERROR "!@eq 0" \ >> "id:'200002',phase:2,t:none,log,deny,status:403, \ >> msg:'Multipart request body failed strict validation: \ >> PE %{REQBODY_PROCESSOR_ERROR}, \ >> BQ %{MULTIPART_BOUNDARY_QUOTED}, \ >> BW %{MULTIPART_BOUNDARY_WHITESPACE}, \ >> DB %{MULTIPART_DATA_BEFORE}, \ >> DA %{MULTIPART_DATA_AFTER}, \ >> HF %{MULTIPART_HEADER_FOLDING}, \ >> LF %{MULTIPART_LF_LINE}, \ >> SM %{MULTIPART_MISSING_SEMICOLON}, \ >> IQ %{MULTIPART_INVALID_QUOTING}, \ >> IP %{MULTIPART_INVALID_PART}, \ >> IH %{MULTIPART_INVALID_HEADER_FOLDING}, \ >> FL %{MULTIPART_FILE_LIMIT_EXCEEDED}'" >> SecRule TX:/^MSC_/ "!@streq 0" "id:'200004',phase:2,t:none, >> deny,status:500,msg:'ModSecurity internal error flagged: >> %{MATCHED_VAR_NAME}'" >> # === ModSecurity Rules (ids: 900000-999999) >> # === ModSec Core Rules Base Configuration (ids: 900001-900021) >> Include /home/dune73/data/git/crs-official/crs-setup.conf. >> example >> SecAction "id:900111,phase:1,nolog,pass,t:none,setvar:tx.inbound_ >> anomaly_score_threshold=500,setvar:tx.outbound_anomaly_ >> score_threshold=500" >> SecAction "id:'900000',phase:1,nolog,pass,t:none,setvar:tx. >> paranoia_level=4" >> # === ModSecurity Ignore Rules Before Core Rules Inclusion; order by >> id of ignored rule (ids: 10000-49999) >> # SecRule ARGS:a "." >> "id:1001,phase:2,pass,log,msg:'XXX1: %{MATCHED_VAR}'" >> # SecRule ARGS_GET:a "." >> "id:1002,phase:2,pass,log,msg:'XXX2: %{MATCHED_VAR}'" >> # SecRule ARGS_POST:a "." >> "id:1003,phase:2,pass,log,msg:'XXX3: %{MATCHED_VAR}'" >> # SecRule REQUEST_URI "." >> "id:1004,phase:2,pass,log,msg:'XXX4: %{MATCHED_VAR}'" >> # SecRule REQUEST_HEADERS:User-Agent "." >> "id:1005,phase:2,pass,log,msg:'XXX5: %{MATCHED_VAR}'" >> SecRule ARGS:b "." "id:1006,phase:2,pass,log, >> auditlog,msg:'XXX6: %{MATCHED_VAR}'" >> SecAction "nolog,phase:2,id:101,sanitiseArg:CVV" >> SecAction "nolog,phase:4,id:102,sanitiseArg:CVV_Reponse" >> # === ModSecurity Core Rules Inclusion >> Include /home/dune73/data/git/crs-official/rules/*.conf >> # === ModSec Core Rules: Startup Time Rules Exclusions >> # === ModSec timestamps at the end of each phase (ids: 90010 - >> 90019) >> SecAction "id:'90010',phase:1,pass,nolog,setvar:TX. >> ModSecTimestamp1end=%{DURATION}" >> SecAction "id:'90011',phase:2,pass,nolog,setvar:TX. >> ModSecTimestamp2end=%{DURATION}" >> SecAction "id:'90012',phase:3,pass,nolog,setvar:TX. >> ModSecTimestamp3end=%{DURATION}" >> SecAction "id:'90013',phase:4,pass,nolog,setvar:TX. >> ModSecTimestamp4end=%{DURATION}" >> SecAction "id:'90014',phase:5,pass,nolog,setvar:TX. >> ModSecTimestamp5end=%{DURATION}" >> # === ModSec performance calculations and variable export (ids: >> 90100 - 90199) >> SecAction "id:'90100',phase:5,pass,nolog,setvar:TX.perf_ >> modsecinbound=%{PERF_PHASE1}" >> SecAction "id:'90101',phase:5,pass,nolog,setvar:TX.perf_ >> modsecinbound=+%{PERF_PHASE2}" >> SecAction "id:'90102',phase:5,pass,nolog,setvar:TX.perf_ >> application=%{TX.ModSecTimestamp3start}" >> SecAction "id:'90103',phase:5,pass,nolog,setvar:TX.perf_ >> application=-%{TX.ModSecTimestamp2end}" >> SecAction "id:'90104',phase:5,pass,nolog,setvar:TX.perf_ >> modsecoutbound=%{PERF_PHASE3}" >> SecAction "id:'90105',phase:5,pass,nolog,setvar:TX.perf_ >> modsecoutbound=+%{PERF_PHASE4}" >> SecAction "id:'90106',phase:5,pass,nolog,setenv:ModSecTimeIn=%{ >> TX.perf_modsecinbound}" >> SecAction "id:'90107',phase:5,pass,nolog,setenv:ApplicationTime=% >> {TX.perf_application}" >> SecAction "id:'90108',phase:5,pass,nolog,setenv:ModSecTimeOut=%{ >> TX.perf_modsecoutbound}" >> SecAction "id:'90109',phase:5,pass,nolog,setenv: >> ModSecAnomalyScoreIn=%{TX.anomaly_score}" >> SecAction "id:'90110',phase:5,pass,nolog,setenv: >> ModSecAnomalyScoreOut=%{TX.outbound_anomaly_score}" >> # === End ModSec Configuration >> ------------------------------------------------------------ >> ------------------ >> So I think this generally works. If it does not for you, then please >> try and >> reproduce the behaviour on the latest ModSec version of the 2.9 >> series and >> open a bug report in case. >> Ahoj, >> Christian >> On Wed, Mar 14, 2018 at 06:13:04PM -0300, Cristiano Galdino wrote: >> >> Hi Christian! >> Modsecurity: 2.9.0-1 (from Ubuntu repository) >> Apache 2.4.18-2ubuntu3.5 >> Tks! >> >> Cristiano Galdino >> [4]cri...@ga... >> >> On 14 Mar 2018 17:55 -0300, Christian Folini >> <[5]chr...@ne...>, wrote: >> >> Hello Christiano, >> What platform are you using? (-> ModSec version, Apache / >> >> NGINX / >> >> IIS?) >> Ahoj, >> Christian >> On Wed, Mar 14, 2018 at 05:06:28PM -0300, Cristiano Galdino >> >> wrote: >> >> >> Hello! >> I created a rule in ModSecurity to sanitize param CVV (credit >> >> card) >> >> but >> it is not working. >> Samples: >> SecAction "nolog,phase:2,id:101,sanitiseArg:CVV” >> SecAction "nolog,phase:4,id:102,sanitiseArg:CVV_Reponse" >> This prevents me from using modsecurity because PCI does not >> >> allow >> >> CVV >> to be stored. >> I found this issue without response. >> [1][6]https://github.com/SpiderLabs/ModSecurity/issues/715 >> What can I do? >> Cristiano Galdino >> [7]cri...@ga... >> References >> 1. [8]https://github.com/SpiderLabs/ModSecurity/issues/715 >> >> ------------------------------------------------------------ >> >> -------- >> >> ---------- >> Check out the vibrant tech community on one of the world's >> >> most >> >> engaging tech sites, Slashdot.org! >> >> [9]http://sdm.link/slashdot >> >> >> _______________________________________________ >> mod-security-users mailing list >> [10]mod...@li... >> [11]https://lists.sourceforge.net/ >> >> lists/listinfo/mod-security-users >> >> Commercial ModSecurity Rules and Support from Trustwave's >> SpiderLabs: >> [12]http://www.modsecurity.org/projects/commercial/rules/ >> [13]http://www.modsecurity.org/projects/commercial/support/ >> >> -- >> [14]https://www.feistyduck.com/training/modsecurity-training- >> >> course >> >> [15]https://www.feistyduck.com/books/modsecurity-handbook/ >> mailto:[16]chr...@ne... >> twitter: @ChrFolini >> ------------------------------------------------------------ >> >> -------- >> >> ---------- >> Check out the vibrant tech community on one of the world's >> >> most >> >> engaging tech sites, Slashdot.org! >> >> [17]http://sdm.link/slashdot >> >> _______________________________________________ >> mod-security-users mailing list >> [18]mod...@li... >> [19]https://lists.sourceforge.net/ >> >> lists/listinfo/mod-security-users >> >> Commercial ModSecurity Rules and Support from Trustwave's >> SpiderLabs: >> [20]http://www.modsecurity.org/projects/commercial/rules/ >> [21]http://www.modsecurity.org/projects/commercial/support/ >> ------------------------------------------------------------ >> >> ------------------ >> >> Check out the vibrant tech community on one of the world's most >> engaging tech sites, Slashdot.org! [22]http://sdm.link/slashdot >> _______________________________________________ >> mod-security-users mailing list >> [23]mod...@li... >> [24]https://lists.sourceforge.net/lists/listinfo/mod-security- >> >> users >> >> Commercial ModSecurity Rules and Support from Trustwave's >> >> SpiderLabs: >> >> [25]http://www.modsecurity.org/projects/commercial/rules/ >> [26]http://www.modsecurity.org/projects/commercial/support/ >> >> -- >> [27]https://www.feistyduck.com/training/modsecurity-training-course >> [28]https://www.feistyduck.com/books/modsecurity-handbook/ >> mailto:[29]chr...@ne... >> twitter: @ChrFolini >> ------------------------------------------------------------ >> ------------------ >> Check out the vibrant tech community on one of the world's most >> engaging tech sites, Slashdot.org! [30]http://sdm.link/slashdot >> _______________________________________________ >> mod-security-users mailing list >> [31]mod...@li... >> [32]https://lists.sourceforge.net/lists/listinfo/mod-security-users >> Commercial ModSecurity Rules and Support from Trustwave's >> SpiderLabs: >> [33]http://www.modsecurity.org/projects/commercial/rules/ >> [34]http://www.modsecurity.org/projects/commercial/support/ >> >> -------------------------------------------------------------------- >> ---------- >> Check out the vibrant tech community on one of the world's most >> engaging tech sites, Slashdot.org! http://sdm.link/slashdot >> _______________________________________________ >> mod-security-users mailing list >> mod...@li... >> https://lists.sourceforge.net/lists/listinfo/mod-security-users >> Commercial ModSecurity Rules and Support from Trustwave's >> SpiderLabs: >> http://www.modsecurity.org/projects/commercial/rules/ >> http://www.modsecurity.org/projects/commercial/support/ >> >> References >> >> 1. http://localhost:3000/api/login >> 2. mailto:chr...@ne... >> 3. http://netnea.com/ >> 4. mailto:cri...@ga... >> 5. mailto:chr...@ne... >> 6. https://github.com/SpiderLabs/ModSecurity/issues/715 >> 7. mailto:cri...@ga... >> 8. https://github.com/SpiderLabs/ModSecurity/issues/715 >> 9. http://sdm.link/slashdot >> 10. mailto:mod...@li... >> 11. https://lists.sourceforge.net/lists/listinfo/mod-security-users >> 12. http://www.modsecurity.org/projects/commercial/rules/ >> 13. http://www.modsecurity.org/projects/commercial/support/ >> 14. https://www.feistyduck.com/training/modsecurity-training-course >> 15. https://www.feistyduck.com/books/modsecurity-handbook/ >> 16. mailto:chr...@ne... >> 17. http://sdm.link/slashdot >> 18. mailto:mod...@li... >> 19. https://lists.sourceforge.net/lists/listinfo/mod-security-users >> 20. http://www.modsecurity.org/projects/commercial/rules/ >> 21. http://www.modsecurity.org/projects/commercial/support/ >> 22. http://sdm.link/slashdot >> 23. mailto:mod...@li... >> 24. https://lists.sourceforge.net/lists/listinfo/mod-security-users >> 25. http://www.modsecurity.org/projects/commercial/rules/ >> 26. http://www.modsecurity.org/projects/commercial/support/ >> 27. https://www.feistyduck.com/training/modsecurity-training-course >> 28. https://www.feistyduck.com/books/modsecurity-handbook/ >> 29. mailto:chr...@ne... >> 30. http://sdm.link/slashdot >> 31. mailto:mod...@li... >> 32. https://lists.sourceforge.net/lists/listinfo/mod-security-users >> 33. http://www.modsecurity.org/projects/commercial/rules/ >> 34. http://www.modsecurity.org/projects/commercial/support/ >> >> >> ------------------------------------------------------------ >> ------------------ >> Check out the vibrant tech community on one of the world's most >> engaging tech sites, Slashdot.org! http://sdm.link/slashdot >> >> >> _______________________________________________ >> mod-security-users mailing list >> mod...@li... >> https://lists.sourceforge.net/lists/listinfo/mod-security-users >> Commercial ModSecurity Rules and Support from Trustwave's SpiderLabs: >> http://www.modsecurity.org/projects/commercial/rules/ >> http://www.modsecurity.org/projects/commercial/support/ >> >> >> >> -- >> https://www.feistyduck.com/training/modsecurity-training-course >> https://www.feistyduck.com/books/modsecurity-handbook/ >> mailto:chr...@ne... >> twitter: @ChrFolini >> >> ------------------------------------------------------------ >> ------------------ >> Check out the vibrant tech community on one of the world's most >> engaging tech sites, Slashdot.org! http://sdm.link/slashdot >> _______________________________________________ >> mod-security-users mailing list >> mod...@li... >> https://lists.sourceforge.net/lists/listinfo/mod-security-users >> Commercial ModSecurity Rules and Support from Trustwave's SpiderLabs: >> http://www.modsecurity.org/projects/commercial/rules/ >> http://www.modsecurity.org/projects/commercial/support/ >> >> >> ------------------------------------------------------------ >> ------------------ >> Check out the vibrant tech community on one of the world's most >> engaging tech sites, Slashdot.org! http://sdm.link/slashdot >> _______________________________________________ >> mod-security-users mailing list >> mod...@li... >> https://lists.sourceforge.net/lists/listinfo/mod-security-users >> Commercial ModSecurity Rules and Support from Trustwave's SpiderLabs: >> http://www.modsecurity.org/projects/commercial/rules/ >> http://www.modsecurity.org/projects/commercial/support/ >> >> > ------------------------------------------------------------ > ------------------ > Check out the vibrant tech community on one of the world's most > engaging tech sites, Slashdot.org! http://sdm.link/slashdot______ > _________________________________________ > mod-security-users mailing list > mod...@li... > https://lists.sourceforge.net/lists/listinfo/mod-security-users > Commercial ModSecurity Rules and Support from Trustwave's SpiderLabs: > http://www.modsecurity.org/projects/commercial/rules/ > http://www.modsecurity.org/projects/commercial/support/ > > |
