Re: [mod-security-users] SecSignCookies, SecSignLinks tags
Brought to you by:
victorhora,
zimmerletw
From: Ryan B. <Ryan.Barnett@Breach.com> - 2006-12-29 20:50:26
|
Mamo, The crypto capabilities for encrypting/signing urls and cookies is part = of a patch that was developed by Daniel Fern=E1ndez Bleda and Carles = Bonamusa P=E9rez of Internet Security Auditors. This patch is not = officially supported by Breach Security, which is why those directives = were not included in the reference manual. You can find information on = this patch at the ModSecurity Download page - = http://www.modsecurity.org/download/index.html and from this mail-list = archive thread - http://comments.gmane.org/gmane.comp.apache.mod-security.user/1732. =20 --=20 Ryan C. Barnett Breach Security: Director of Application Security Training Web Application Security Consortium (WASC) Member CIS Apache Benchmark Project Lead SANS Instructor, GCIA, GCFA, GCIH, GSNA, GCUX, GSEC Author: Preventing Web Attacks with Apache =20 > -----Original Message----- > From: mod...@li... [mailto:mod- > sec...@li...] On Behalf Of mamo > Sent: Friday, December 29, 2006 3:43 PM > To: mod...@li... > Subject: [mod-security-users] SecSignCookies, SecSignLinks tags >=20 > Hello. I have read the presentation on modsecurity done at What The > Hack conference (2005). You can download the presentation at the url: > = http://www.isecauditors.com/downloads/present/WhatTheHack_2005_modsecurit= y > .zip >=20 > In the presentation I found the tags SecSignCookies, SecSignLinks, > SecStripCommentCode. I am particolary interested in SecSignCookies and > SecSignLinks for critographically sign cookies and links. >=20 > I searched the directives on the modsecurity > reference documentation but can't find info on that directives. Are > this tag implemented or is it planned to implement them in > modsecurity? >=20 > Thanks you in advance. >=20 > Mamo >=20 > = -------------------------------------------------------------------------= > Take Surveys. Earn Cash. Influence the Future of IT > Join SourceForge.net's Techsay panel and you'll get the chance to = share > your > opinions on IT & business topics through brief surveys - and earn cash > = http://www.techsay.com/default.php?page=3Djoin.php&p=3Dsourceforge&CID=3D= DEVDEV > _______________________________________________ > mod-security-users mailing list > mod...@li... > https://lists.sourceforge.net/lists/listinfo/mod-security-users |