Re: [mod-security-users] Rules database
Brought to you by:
victorhora,
zimmerletw
Menu
▾
▴
Re: [mod-security-users] Rules database
|
From: Gerwin K. -|- D. W. <ge...@di...> - 2005-04-04 11:43:42
|
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hello Rom=E1n, You could try http://www.gotroot.com/downloads/ftp/mod_security/rules.con= f It has a LOT of rules. Hope it's helpfull. Gerwin Roman Medina-Heigl Hernandez wrote: | Hi, | | I'm interested in protecting webapps in a "generic way" (more or less | :-)), which means that if I choose to install a PHP-Nuke portal and a | new SQL injection bug in that portal is disclosed, it will not be | exploitable (the code would still be buggy until patching, but that's | unavoidable). Of course, the idea is to catch the more kind of bugs | being possible (not only SQL injection, but directory traversal, remote | PHP script injection, shell injection, etc). | | I visited: | http://www.modsecurity.org/db/rules/ | But I got a bit disappointed when I saw only 4 rules :-(. The db seems | to be discontinued... ? | | I'm wondering whether: | 1) There are other "repositories" for mod-security rules, or | 2) Some of you, security-specialists, would be kind enough to share the | rules you have, ideas, etc. | | Other repositories (not direcly related to Mod-security but perhaps | easily "convertible" to; for instance, rules from other IPS devices) ma= y | also be interesting. | | Hope hearing from you, guys :-) | | Kind regards, | -Rom=E1n | | | ------------------------------------------------------- | SF email is sponsored by - The IT Product Guide | Read honest & candid reviews on hundreds of IT Products from real users= . | Discover which products truly live up to the hype. Start reading now. | http://ads.osdn.com/?ad_ide95&alloc_id=14396&op=3Dclick | _______________________________________________ | mod-security-users mailing list | mod...@li... | https://lists.sourceforge.net/lists/listinfo/mod-security-users | | - -- Met vriendelijke groet/With kind regards, Gerwin Krist Digitalus First-class Internet Webhosting (w) http://www.digitalus.nl (e) gerwin at digitalus.nl (p) PGP-ID: 79B325D4 (t) +31 (0) 598 630000 (f) +31 (0) 598 631860 *************************************************************************= ************** This message may contain information which is confidential or privileged. If you are not the intended recipient, please advise the sender immediate= ly by reply e-mail and delete this message and any attachments without retaining a copy. *************************************************************************= ************** -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.4 (GNU/Linux) iD8DBQFCUURpCwaJ0XmzJdQRAptKAJ9z4nIiA97D8L5yymPrVy0B4H6grwCgsqKJ fgDHNrw60VOfIHzKy2NkN+w=3D =3DynvG -----END PGP SIGNATURE----- |
