|
From: Ivan R. <iv...@we...> - 2006-02-01 12:21:31
|
CASTELLE Thomas wrote: > Hello everybody, > > The new mod_security rules project is a great thing. It is more generic > than the gotroot.com files, and the files are smaller (which is, I > think, good for performance). > > However, I have 2 small modification requests : > > - Could you add "id" and "rev" meta-data to each rules, so that we can > exclude specific rules when the protected website matches false > positives. > It could also allow us to run automatic updates by detecting new rules > or changes on existing rules. Yes. That's mostly the reason while the rules are still in beta. As soon as I assign IDs to them they will be moved to production status. > - Could you modify the "JavaScript event handlers" rules, because it > seems too generic to me. > > Couldn't : > "SecFilterSelective ARGS "onSelect"" > be instead : > "SecFilterSelective ARGS > "onSelect[[:space:]]*=|=[[:space:]]*onSelect" > > For instance, some of our websites matches this because of > "http://blablabla/test?task=ValidationSelection" Makes sense. Which case would =[[:space:]]*onSelect" match? -- Ivan Ristic, Technical Director Thinking Stone, http://www.thinkingstone.com Tel: +44 20 8141 2161, Fax: +44 87 0762 3934 |
