mod-security-developers Mailing List for ModSecurity (Page 11)
Brought to you by:
victorhora,
zimmerletw
From: Phil D. <ux...@sp...> - 2016-02-22 19:56:11
Hello: has anybody produced an rpm spec for libmodsec that they would be willing to share please?

Thanks,
Phil

From: Felipe C. <FC...@tr...> - 2016-02-22 16:04:29
Hi Fakhri,

The complete documentation can be found embedded in the classes source, for instance:
https://github.com/SpiderLabs/ModSecurity/blob/libmodsecurity/src/transaction.cc#L226-L248

Depending on your editor, this information may be available as a tooltip (or similar) while you are coding.

Also, you can use other implementations of the library as a guide to your development. In the library git repository you will be able to find the benchmark utility and the regression test utility:

- https://github.com/SpiderLabs/ModSecurity/blob/libmodsecurity/test/benchmark/benchmark.cc
- https://github.com/SpiderLabs/ModSecurity/blob/libmodsecurity/test/regression/regression.cc

Another implementation available is the pcap one:

- https://github.com/SpiderLabs/ModSecurity-pcap/blob/master/pcap.cc

Br.,
Felipe “Zimmerle” Costa
Security Researcher, Lead Developer ModSecurity.
Trustwave | SMART SECURITY ON DEMAND
www.trustwave.com

On 2/22/16, 8:41 AM, "Fakhri Zulkifli" <d0l...@ya...> wrote:

Hello,

I'm having a hard time finding the function call that actually detects an injection payload (e.g. <script>alert(1)</script>). The payload does not necessarily need to be exactly like the one I provided in the brackets. Based on the code flow (https://github.com/SpiderLabs/ModSecurity/blob/libmodsecurity/examples/simple_example_using_c/test.c), the code basically just initiates the rules to the modsecurity instance and also tries to initiate remote rules, and I don't find any function call that actually does the payload detection. Is it already implemented? Maybe I missed it somewhere.

Thanks.

From: Fakhri Z. <d0l...@ya...> - 2016-02-22 11:42:19
Hello,

I'm having a hard time finding the function call that actually detects an injection payload (e.g. <script>alert(1)</script>). The payload does not necessarily need to be exactly like the one I provided in the brackets. Based on the code flow (https://github.com/SpiderLabs/ModSecurity/blob/libmodsecurity/examples/simple_example_using_c/test.c), the code basically just initiates the rules to the modsecurity instance and also tries to initiate remote rules, and I don't find any function call that actually does the payload detection. Is it already implemented? Maybe I missed it somewhere.

Thanks.

From: Christian F. <chr...@ne...> - 2016-02-12 20:46:28
Chaim,

That's a nice initiative. Thank you for asking us.

I have added a "ModSecurity ICAP Connector" to the impressive list. (It's not my idea, but I missed it on the list.)

If anything else springs to my mind, I'll fill it in.

Ahoj,

Christian

On Fri, Feb 12, 2016 at 03:50:36PM +0000, Chaim Sanders wrote:
> Good afternoon everyone!
> Coming up very quickly we are looking to submit a Google Summer Of Code application for the ModSecurity project. While the team at Trustwave has a number of ideas, we are reaching out to you, the community, to see if there are any exciting projects/additions for the ModSecurity project that you have been dreaming up. Ideally we'd love to focus our attention on the next version of ModSecurity v3.0 (aka libmodsecurity) which we are hard at work on; however, this doesn't mean that good ideas for the 2.x branch will be overlooked.
> We will be accumulating these ideas on our Google Summer of Code Wiki located at: https://github.com/SpiderLabs/ModSecurity/wiki/Ideas-for-Google-Summer-of-Code-2016
>
> We look forward to hearing all your ideas. If you have one (or several) feel free to respond to this thread.

--
mailto:chr...@ne...
http://www.christian-folini.ch
twitter: @ChrFolini

From: Felipe C. <FC...@tr...> - 2016-02-11 16:43:58
Hi Robert,

Usually we wait 15 days between the RC and the real release. That depends on the amount of issues reported and how fast we address each of the issues.

Br.,
Felipe “Zimmerle” Costa
Security Researcher, Lead Developer ModSecurity.
Trustwave | SMART SECURITY ON DEMAND
www.trustwave.com

From: Robert Paprocki <rpa...@fe...>
Reply-To: "ro...@cr..." <ro...@cr...>, "mod...@li..." <mod...@li...>
Date: Thursday, February 11, 2016 at 11:15 AM
To: "mod...@li..." <mod...@li...>
Subject: Re: [Mod-security-developers] [mod-security-packagers] ModSecurity version 2.9.1-rc1 announcement

OOC, do we have a timeline for when the final non-RC 2.9.1 will be released?

On Thu, Feb 11, 2016 at 4:00 AM, Felipe Costa <FC...@tr...> wrote:

Hi Walter,

Thanks for testing the release candidate. I will investigate this issue.

Br.,
Felipe “Zimmerle” Costa
Security Researcher, Lead Developer ModSecurity.
Trustwave | SMART SECURITY ON DEMAND
www.trustwave.com

From: Walter Hop <mo...@sp...>
Reply-To: "mod...@li..." <mod...@li...>
Date: Wednesday, February 10, 2016 at 7:00 PM
To: "mod...@li..." <mod...@li...>
Subject: Re: [Mod-security-developers] [mod-security-packagers] ModSecurity version 2.9.1-rc1 announcement

Hi Felipe,

Thanks for the work on this release!
My regression tests on FreeBSD are good, JSON logging works, Lua 5.1/5.2/5.3 works.
I plan to remove the hard dependency on Lua 5.1 in our port.

The only thing I found so far in the RC is that the audit log is a bit dirty with extra Apache-Error log lines. I created an issue for this:
https://github.com/SpiderLabs/ModSecurity/issues/1073

I’ll give it a spin on some staging servers.

Br.!
WH

On 03 Feb 2016, at 18:17, Felipe Costa <FC...@tr...> wrote:

Signed PGP part
Hi,

It is a pleasure to announce the first release candidate for ModSecurity version 2.9.1. The version 2.9.1-RC1 contains fixes and new features. The new features list includes audit logs in JSON format.

I would like to thank you all, that participate in the construction of this release. A special thanks to the ones who sent patches and the ones who participated on the community meetings, which helped to increase the quality of our releases. Thank you.

The documentation of the new features is already available on our wiki page:
https://github.com/SpiderLabs/ModSecurity/wiki/Reference-Manual

The source and binaries (and the respective hashes) are available at:
https://github.com/SpiderLabs/ModSecurity/releases/tag/v2.9.1-RC1

The most important changes are listed below:

* New features

- Added support to generate audit logs in JSON format.
  [Issue #914, #897, #656 - Robert Paprocki]
- Extended Lua support to include version 5.3
  [Issue #837, #762, #814 - Athmane Madjoudj and ModSecurity team]
- mlogc: Allows user to choose between TLS versions (TLSProtocol option introduced).
  [Issue #881 - Ishwor Gurung]
- Allows mod_proxy's "nocanon" behavior to be specified in proxy actions.
  [Issue #1031, #961, #763 - Mario D. Santana and ModSecurity team]

* Bug fixes

- Creating AuditLog serial file (or parallel index) respecting the permission configured with SecAuditLogFileMode. Previously, it was used only to save the transactions while in parallel mode.
  [Issue #852 - @littlecho and ModSecurity team]
- Checking for hashing injection response, to report in case of failure.
  [Issue #1041 - ModSecurity team]
- Stop buffering when the request is larger than SecRequestBodyLimit in ProcessPartial mode
  [Issue #709, #705, #728 - Justin Gerace and ModSecurity team]
- Refactoring conditional #if/#defs directives.
  [Issue #996 - Wesley M and ModSecurity team]
- mlogc-batch-load.pl.in: fix searching SecAuditLogStorageDir files with Apache 2.4
  [Issue #775 - Elia Pinto]
- Understands IIS 10 as compatible on Windows installer.
  [Issue #931 - Anton Serbulov, Pavel Vasilevich and ModSecurity team]
- Fix apache logging limitation by using correct Apache call.
  [Issue #840 - Christian Folini]
- Fix apr_crypto.h check on 32-bit Linux platform
  [Issue #882, #883 - Kurt Newman]
- Fix variable resolution duration (Content of the DURATION variable).
  [Issue #662 - Andrew Elble]
- Fix crash while adding empty keys to persistent collections.
  [Issue #927 - Eugene Alekseev, Marc Stern and ModSecurity team]
- Remove misguided call to srand()
  [Issues #778, #781 and #836 - Michael Bunk, @gilperon]
- Fix compilation problem while ssdeep is installed in non-standard location.
  [Issue #872 - Kurt Newman]
- Fix invalid storage reference by apr_psprintf at msc_crypt.c
  [Issue #609 - Jeff Trawick]

* Known issues

- Instabilities of nginx add-on are still expected. Please use the "nginx refactoring" branch and stay tuned for the ModSecurity version 3.

Br.,
Felipe "Zimmerle" Costa
Lead Developer for ModSecurity
Security Researcher, SpiderLabs

Trustwave | SMART SECURITY ON DEMAND
www.trustwave.com

--
Walter Hop | PGP key: https://lifeforms.nl/pgp

From: Robert P. <rpa...@fe...> - 2016-02-11 14:42:07
OOC, do we have a timeline for when the final non-RC 2.9.1 will be released?

On Thu, Feb 11, 2016 at 4:00 AM, Felipe Costa <FC...@tr...> wrote:

> Hi Walter,
>
> Thanks for testing the release candidate. I will investigate this issue.
>
> Br.,
>
> *Felipe “Zimmerle” Costa*
>
> Security Researcher, Lead Developer ModSecurity.
>
> *Trustwave* | SMART SECURITY ON DEMAND
>
> www.trustwave.com
>
> From: Walter Hop <mo...@sp...>
> Reply-To: "mod...@li..." <mod...@li...>
> Date: Wednesday, February 10, 2016 at 7:00 PM
> To: "mod...@li..." <mod...@li...>
> Subject: Re: [Mod-security-developers] [mod-security-packagers] ModSecurity version 2.9.1-rc1 announcement
>
> Hi Felipe,
>
> Thanks for the work on this release!
> My regression tests on FreeBSD are good, JSON logging works, Lua 5.1/5.2/5.3 works.
> I plan to remove the hard dependency on Lua 5.1 in our port.
>
> The only thing I found so far in the RC is that the audit log is a bit dirty with extra Apache-Error log lines. I created an issue for this:
> https://github.com/SpiderLabs/ModSecurity/issues/1073
>
> I’ll give it a spin on some staging servers.
>
> Br.!
> WH
>
> On 03 Feb 2016, at 18:17, Felipe Costa <FC...@tr...> wrote:
>
> Signed PGP part
> Hi,
>
> It is a pleasure to announce the first release candidate for ModSecurity version 2.9.1. The version 2.9.1-RC1 contains fixes and new features. The new features list includes audit logs in JSON format.
>
> I would like to thank you all, that participate in the construction of this release. A special thanks to the ones who sent patches and the ones who participated on the community meetings, which helped to increase the quality of our releases. Thank you.
>
> The documentation of the new features is already available on our wiki page:
> https://github.com/SpiderLabs/ModSecurity/wiki/Reference-Manual
>
> The source and binaries (and the respective hashes) are available at:
> https://github.com/SpiderLabs/ModSecurity/releases/tag/v2.9.1-RC1
>
> The most important changes are listed below:
>
> * New features
>
> - Added support to generate audit logs in JSON format.
>   [Issue #914, #897, #656 - Robert Paprocki]
> - Extended Lua support to include version 5.3
>   [Issue #837, #762, #814 - Athmane Madjoudj and ModSecurity team]
> - mlogc: Allows user to choose between TLS versions (TLSProtocol option introduced).
>   [Issue #881 - Ishwor Gurung]
> - Allows mod_proxy's "nocanon" behavior to be specified in proxy actions.
>   [Issue #1031, #961, #763 - Mario D. Santana and ModSecurity team]
>
> * Bug fixes
>
> - Creating AuditLog serial file (or parallel index) respecting the permission configured with SecAuditLogFileMode. Previously, it was used only to save the transactions while in parallel mode.
>   [Issue #852 - @littlecho and ModSecurity team]
> - Checking for hashing injection response, to report in case of failure.
>   [Issue #1041 - ModSecurity team]
> - Stop buffering when the request is larger than SecRequestBodyLimit in ProcessPartial mode
>   [Issue #709, #705, #728 - Justin Gerace and ModSecurity team]
> - Refactoring conditional #if/#defs directives.
>   [Issue #996 - Wesley M and ModSecurity team]
> - mlogc-batch-load.pl.in: fix searching SecAuditLogStorageDir files with Apache 2.4
>   [Issue #775 - Elia Pinto]
> - Understands IIS 10 as compatible on Windows installer.
>   [Issue #931 - Anton Serbulov, Pavel Vasilevich and ModSecurity team]
> - Fix apache logging limitation by using correct Apache call.
>   [Issue #840 - Christian Folini]
> - Fix apr_crypto.h check on 32-bit Linux platform
>   [Issue #882, #883 - Kurt Newman]
> - Fix variable resolution duration (Content of the DURATION variable).
>   [Issue #662 - Andrew Elble]
> - Fix crash while adding empty keys to persistent collections.
>   [Issue #927 - Eugene Alekseev, Marc Stern and ModSecurity team]
> - Remove misguided call to srand()
>   [Issues #778, #781 and #836 - Michael Bunk, @gilperon]
> - Fix compilation problem while ssdeep is installed in non-standard location.
>   [Issue #872 - Kurt Newman]
> - Fix invalid storage reference by apr_psprintf at msc_crypt.c
>   [Issue #609 - Jeff Trawick]
>
> * Known issues
>
> - Instabilities of nginx add-on are still expected. Please use the "nginx refactoring" branch and stay tuned for the ModSecurity version 3.
>
> Br.,
> Felipe "Zimmerle" Costa
> Lead Developer for ModSecurity
> Security Researcher, SpiderLabs
>
> Trustwave | SMART SECURITY ON DEMAND
> www.trustwave.com
>
> --
> Walter Hop | PGP key: https://lifeforms.nl/pgp

From: Christian F. <chr...@ne...> - 2016-02-11 12:26:19
Thanks, Felipe. Perfect!

On Thu, Feb 11, 2016 at 12:04:00PM +0000, Felipe Costa wrote:
> Hi Christian,
>
> Forget about April 3. We had the v2.9.1-rc1 shipped on February 3.
>
> I fixed the meeting minutes. Thanks for letting me know.
>
> Br.,
> Felipe “Zimmerle” Costa
> Security Researcher, Lead Developer ModSecurity.
>
> Trustwave | SMART SECURITY ON DEMAND
> www.trustwave.com
>
> On 2/11/16, 4:32 AM, "Christian Folini" <chr...@ne...> wrote:
>
> >Good morning,
> >
> >Thank you for the minutes of the meeting, Felipe. I am
> >glad to see them published.
> >
> >During the meeting, there was a somehow queer discussion
> >on the release date of ModSec 2.9.1. We constantly
> >messed up "April 3" and "February 3". The same misunderstanding
> >is still present in the minutes:
> >
> >AGREED: release v2.9.1 on April 3. \o/ (zimmerle, 15:54:48)
> >http://researchmaniacs.com/Calendar-Dates/Images/February-3.png :p (p0pr0ck5, 15:52:46)
> >
> >You released 2.9.1rc1 on February 3. So I thought this was settled.
> >But maybe it is not.
> >
> >Could you please repeat the quasi official release date?
> >
> >Cheers,
> >
> >Christian
> >
> >On Wed, Feb 10, 2016 at 01:02:21PM +0000, Felipe Costa wrote:
> >> Hi,
> >>
> >> Thank you all that participated in our second community meeting.
> >>
> >> The meeting minutes is available here:
> >> https://www.modsecurity.org/developers/meetings/modsecurity.2016-01-27-15.08.html
> >>
> >> Please let me know if something is missing.
> >>
> >> Br.,
> >> Felipe “Zimmerle” Costa
> >> Security Researcher, Lead Developer ModSecurity.
> >> Trustwave | SMART SECURITY ON DEMAND
> >> www.trustwave.com
> >
> >--
> >mailto:chr...@ne...
> >http://www.christian-folini.ch
> >twitter: @ChrFolini

--
mailto:chr...@ne...
http://www.christian-folini.ch
twitter: @ChrFolini

From: Felipe C. <FC...@tr...> - 2016-02-11 12:04:14
Hi Christian,

Forget about April 3. We had the v2.9.1-rc1 shipped on February 3.

I fixed the meeting minutes. Thanks for letting me know.

Br.,
Felipe “Zimmerle” Costa
Security Researcher, Lead Developer ModSecurity.

Trustwave | SMART SECURITY ON DEMAND
www.trustwave.com

On 2/11/16, 4:32 AM, "Christian Folini" <chr...@ne...> wrote:

>Good morning,
>
>Thank you for the minutes of the meeting, Felipe. I am
>glad to see them published.
>
>During the meeting, there was a somehow queer discussion
>on the release date of ModSec 2.9.1. We constantly
>messed up "April 3" and "February 3". The same misunderstanding
>is still present in the minutes:
>
>AGREED: release v2.9.1 on April 3. \o/ (zimmerle, 15:54:48)
>http://researchmaniacs.com/Calendar-Dates/Images/February-3.png :p (p0pr0ck5, 15:52:46)
>
>You released 2.9.1rc1 on February 3. So I thought this was settled.
>But maybe it is not.
>
>Could you please repeat the quasi official release date?
>
>Cheers,
>
>Christian
>
>On Wed, Feb 10, 2016 at 01:02:21PM +0000, Felipe Costa wrote:
>> Hi,
>>
>> Thank you all that participated in our second community meeting.
>>
>> The meeting minutes is available here:
>> https://www.modsecurity.org/developers/meetings/modsecurity.2016-01-27-15.08.html
>>
>> Please let me know if something is missing.
>>
>> Br.,
>> Felipe “Zimmerle” Costa
>> Security Researcher, Lead Developer ModSecurity.
>> Trustwave | SMART SECURITY ON DEMAND
>> www.trustwave.com
>
>--
>mailto:chr...@ne...
>http://www.christian-folini.ch
>twitter: @ChrFolini

From: Felipe C. <FC...@tr...> - 2016-02-11 12:00:31
|
Hi Walter,

Thanks for testing the release candidate. I will investigate this issue.

Br.,
Felipe “Zimmerle” Costa
Security Researcher, Lead Developer ModSecurity.
Trustwave | SMART SECURITY ON DEMAND
www.trustwave.com <http://www.trustwave.com/>

From: Walter Hop <mo...@sp...>
Reply-To: "mod...@li..." <mod...@li...>
Date: Wednesday, February 10, 2016 at 7:00 PM
To: "mod...@li..." <mod...@li...>
Subject: Re: [Mod-security-developers] [mod-security-packagers] ModSecurity version 2.9.1-rc1 announcement

Hi Felipe,

Thanks for the work on this release! My regression tests on FreeBSD are good, JSON logging works, Lua 5.1/5.2/5.3 works. I plan to remove the hard dependency on Lua 5.1 in our port.

The only thing I found so far in the RC is that the audit log is a bit dirty with extra Apache-Error log lines. I created an issue for this: https://github.com/SpiderLabs/ModSecurity/issues/1073

I’ll give it a spin on some staging servers.

Br.!
WH

On 03 Feb 2016, at 18:17, Felipe Costa <FC...@tr...> wrote:

Signed PGP part
Hi,

It is a pleasure to announce the first release candidate for ModSecurity
version 2.9.1. The version 2.9.1-RC1 contains fixes and new features.
The new features list includes audit logs in JSON format.

I would like to thank you all, that participate in the construction of
this release. A special thanks to the ones who sent patches and the ones
who participated on the community meetings, which helped to increase the
quality of our releases. Thank you.

The documentation of the new features is already available on our wiki
page: https://github.com/SpiderLabs/ModSecurity/wiki/Reference-Manual

The source and binaries (and the respective hashes) are available at:
https://github.com/SpiderLabs/ModSecurity/releases/tag/v2.9.1-RC1

The most important changes are listed below:

* New features

 - Added support to generate audit logs in JSON format.
   [Issue #914, #897, #656 - Robert Paprocki]
 - Extended Lua support to include version 5.3
   [Issue #837, #762, #814 - Athmane Madjoudj and ModSecurity team]
 - mlogc: Allows user to choose between TLS versions (TLSProtocol option
   introduced).
   [Issue #881 - Ishwor Gurung]
 - Allows mod_proxy's "nocanon" behavior to be specified in proxy actions.
   [Issue #1031, #961, #763 - Mario D. Santana and ModSecurity team]

* Bug fixes

 - Creating AuditLog serial file (or parallel index) respecting the
   permission configured with SecAuditLogFileMode. Previously, it was
   used only to save the transactions while in parallel mode.
   [Issue #852 - @littlecho and ModSecurity team]
 - Checking for hashing injection response, to report in case of failure.
   [Issue #1041 - ModSecurity team]
 - Stop buffering when the request is larger than SecRequestBodyLimit
   in ProcessPartial mode
   [Issue #709, #705, #728 - Justin Gerace and ModSecurity team]
 - Refactoring conditional #if/#defs directives.
   [Issue #996 - Wesley M and ModSecurity team]
 - mlogc-batch-load.pl.in: fix searching SecAuditLogStorageDir
   files with Apache 2.4
   [Issue #775 - Elia Pinto]
 - Understands IIS 10 as compatible on Windows installer.
   [Issue #931 - Anton Serbulov, Pavel Vasilevich and ModSecurity team]
 - Fix apache logging limitation by using correct Apache call.
   [Issue #840 - Christian Folini]
 - Fix apr_crypto.h check on 32-bit Linux platform
   [Issue #882, #883 - Kurt Newman]
 - Fix variable resolution duration (Content of the DURATION variable).
   [Issue #662 - Andrew Elble]
 - Fix crash while adding empty keys to persistent collections.
   [Issue #927 - Eugene Alekseev, Marc Stern and ModSecurity team]
 - Remove misguided call to srand()
   [Issues #778, #781 and #836 - Michael Bunk, @gilperon]
 - Fix compilation problem while ssdeep is installed in non-standard
   location.
   [Issue #872 - Kurt Newman]
 - Fix invalid storage reference by apr_psprintf at msc_crypt.c
   [Issue #609 - Jeff Trawick]

* Known issues

 - Instabilities of nginx add-on are still expected. Please use the "nginx
   refactoring" branch and stay tuned for the ModSecurity version 3.

Br.,
Felipe "Zimmerle" Costa
Lead Developer for ModSecurity
Security Researcher, SpiderLabs

Trustwave | SMART SECURITY ON DEMAND
www.trustwave.com <http://www.trustwave.com/>

--
Walter Hop | PGP key: https://lifeforms.nl/pgp
|
From: Christian F. <chr...@ne...> - 2016-02-11 07:32:30
|
Good morning,

Thank you for the minutes of the meeting, Felipe. I am glad to see them published.

During the meeting, there was a somehow queer discussion on the release date of ModSec 2.9.1. We constantly messed up "April 3" and "February 3". The same misunderstanding is still present in the minutes:

AGREED: release v2.9.1 on April 3. \o/ (zimmerle, 15:54:48)
http://researchmaniacs.com/Calendar-Dates/Images/February-3.png :p (p0pr0ck5, 15:52:46)

You released 2.9.1rc1 on February 3. So I thought this was settled. But maybe it is not.

Could you please repeat the quasi official release date?

Cheers,

Christian

On Wed, Feb 10, 2016 at 01:02:21PM +0000, Felipe Costa wrote:
> Hi,
>
> Thank you all that participated in our second community meeting.
>
> The meeting minutes are available here:
> https://www.modsecurity.org/developers/meetings/modsecurity.2016-01-27-15.08.html
>
> Please let me know if something is missing.
>
> Br.,
> Felipe “Zimmerle” Costa
> Security Researcher, Lead Developer ModSecurity.
> Trustwave | SMART SECURITY ON DEMAND
> www.trustwave.com <http://www.trustwave.com/>

--
mailto:chr...@ne...
http://www.christian-folini.ch
twitter: @ChrFolini
|
From: Walter H. <mo...@sp...> - 2016-02-10 22:00:24
|
Hi Felipe,

Thanks for the work on this release! My regression tests on FreeBSD are good, JSON logging works, Lua 5.1/5.2/5.3 works. I plan to remove the hard dependency on Lua 5.1 in our port.

The only thing I found so far in the RC is that the audit log is a bit dirty with extra Apache-Error log lines. I created an issue for this: https://github.com/SpiderLabs/ModSecurity/issues/1073

I’ll give it a spin on some staging servers.

Br.!
WH

> On 03 Feb 2016, at 18:17, Felipe Costa <FC...@tr...> wrote:
>
> Signed PGP part
> Hi,
>
> It is a pleasure to announce the first release candidate for ModSecurity
> version 2.9.1. The version 2.9.1-RC1 contains fixes and new features.
> The new features list includes audit logs in JSON format.
>
> I would like to thank you all, that participate in the construction of
> this release. A special thanks to the ones who sent patches and the ones
> who participated on the community meetings, which helped to increase the
> quality of our releases. Thank you.
>
> The documentation of the new features is already available on our wiki
> page: https://github.com/SpiderLabs/ModSecurity/wiki/Reference-Manual
>
> The source and binaries (and the respective hashes) are available at:
> https://github.com/SpiderLabs/ModSecurity/releases/tag/v2.9.1-RC1
>
> The most important changes are listed below:
>
> * New features
>
>  - Added support to generate audit logs in JSON format.
>    [Issue #914, #897, #656 - Robert Paprocki]
>  - Extended Lua support to include version 5.3
>    [Issue #837, #762, #814 - Athmane Madjoudj and ModSecurity team]
>  - mlogc: Allows user to choose between TLS versions (TLSProtocol option
>    introduced).
>    [Issue #881 - Ishwor Gurung]
>  - Allows mod_proxy's "nocanon" behavior to be specified in proxy actions.
>    [Issue #1031, #961, #763 - Mario D. Santana and ModSecurity team]
>
> * Bug fixes
>
>  - Creating AuditLog serial file (or parallel index) respecting the
>    permission configured with SecAuditLogFileMode. Previously, it was
>    used only to save the transactions while in parallel mode.
>    [Issue #852 - @littlecho and ModSecurity team]
>  - Checking for hashing injection response, to report in case of failure.
>    [Issue #1041 - ModSecurity team]
>  - Stop buffering when the request is larger than SecRequestBodyLimit
>    in ProcessPartial mode
>    [Issue #709, #705, #728 - Justin Gerace and ModSecurity team]
>  - Refactoring conditional #if/#defs directives.
>    [Issue #996 - Wesley M and ModSecurity team]
>  - mlogc-batch-load.pl.in: fix searching SecAuditLogStorageDir
>    files with Apache 2.4
>    [Issue #775 - Elia Pinto]
>  - Understands IIS 10 as compatible on Windows installer.
>    [Issue #931 - Anton Serbulov, Pavel Vasilevich and ModSecurity team]
>  - Fix apache logging limitation by using correct Apache call.
>    [Issue #840 - Christian Folini]
>  - Fix apr_crypto.h check on 32-bit Linux platform
>    [Issue #882, #883 - Kurt Newman]
>  - Fix variable resolution duration (Content of the DURATION variable).
>    [Issue #662 - Andrew Elble]
>  - Fix crash while adding empty keys to persistent collections.
>    [Issue #927 - Eugene Alekseev, Marc Stern and ModSecurity team]
>  - Remove misguided call to srand()
>    [Issues #778, #781 and #836 - Michael Bunk, @gilperon]
>  - Fix compilation problem while ssdeep is installed in non-standard
>    location.
>    [Issue #872 - Kurt Newman]
>  - Fix invalid storage reference by apr_psprintf at msc_crypt.c
>    [Issue #609 - Jeff Trawick]
>
> * Known issues
>
>  - Instabilities of nginx add-on are still expected. Please use the "nginx
>    refactoring" branch and stay tuned for the ModSecurity version 3.
>
> Br.,
> Felipe "Zimmerle" Costa
> Lead Developer for ModSecurity
> Security Researcher, SpiderLabs
>
> Trustwave | SMART SECURITY ON DEMAND
> www.trustwave.com <http://www.trustwave.com/>

--
Walter Hop | PGP key: https://lifeforms.nl/pgp
|
From: Felipe C. <FC...@tr...> - 2016-02-10 13:02:32
|
Hi,

Thank you all that participated in our second community meeting.

The meeting minutes are available here:
https://www.modsecurity.org/developers/meetings/modsecurity.2016-01-27-15.08.html

Please let me know if something is missing.

Br.,
Felipe “Zimmerle” Costa
Security Researcher, Lead Developer ModSecurity.
Trustwave | SMART SECURITY ON DEMAND
www.trustwave.com <http://www.trustwave.com/>
|
From: Christian F. <chr...@ne...> - 2016-02-04 08:19:31
|
Hello Zimmerle,

Thank you for the new rc1 release. I compiled it just fine against apache 2.4.18 and ran nikto against it without any problems. So this generally works. Cool.

Then I tried to enable the new JSON audit log format, but I failed in the config parser:

AH00526: Syntax error on line 106 of /apache/conf/httpd.conf_testing_modsec:
Invalid command 'SecAuditLogFormat', perhaps misspelled or defined by a module not included in the server configuration

A 2nd issue occurred, when I tried to compile against apache 2.4.17.

Ahoj,

Christian

On Wed, Feb 03, 2016 at 05:17:12PM +0000, Felipe Costa wrote:
>
> Hi,
>
> It is a pleasure to announce the first release candidate for ModSecurity
> version 2.9.1. The version 2.9.1-RC1 contains fixes and new features.
> The new features list includes audit logs in JSON format.
>
> I would like to thank you all, that participate in the construction of
> this release. A special thanks to the ones who sent patches and the ones
> who participated on the community meetings, which helped to increase the
> quality of our releases. Thank you.
>
> The documentation of the new features is already available on our wiki
> page: https://github.com/SpiderLabs/ModSecurity/wiki/Reference-Manual
>
> The source and binaries (and the respective hashes) are available at:
> https://github.com/SpiderLabs/ModSecurity/releases/tag/v2.9.1-RC1
>
> The most important changes are listed below:
>
> * New features
>
>  - Added support to generate audit logs in JSON format.
>    [Issue #914, #897, #656 - Robert Paprocki]
>  - Extended Lua support to include version 5.3
>    [Issue #837, #762, #814 - Athmane Madjoudj and ModSecurity team]
>  - mlogc: Allows user to choose between TLS versions (TLSProtocol option
>    introduced).
>    [Issue #881 - Ishwor Gurung]
>  - Allows mod_proxy's "nocanon" behavior to be specified in proxy actions.
>    [Issue #1031, #961, #763 - Mario D. Santana and ModSecurity team]
>
> * Bug fixes
>
>  - Creating AuditLog serial file (or parallel index) respecting the
>    permission configured with SecAuditLogFileMode. Previously, it was
>    used only to save the transactions while in parallel mode.
>    [Issue #852 - @littlecho and ModSecurity team]
>  - Checking for hashing injection response, to report in case of failure.
>    [Issue #1041 - ModSecurity team]
>  - Stop buffering when the request is larger than SecRequestBodyLimit
>    in ProcessPartial mode
>    [Issue #709, #705, #728 - Justin Gerace and ModSecurity team]
>  - Refactoring conditional #if/#defs directives.
>    [Issue #996 - Wesley M and ModSecurity team]
>  - mlogc-batch-load.pl.in: fix searching SecAuditLogStorageDir
>    files with Apache 2.4
>    [Issue #775 - Elia Pinto]
>  - Understands IIS 10 as compatible on Windows installer.
>    [Issue #931 - Anton Serbulov, Pavel Vasilevich and ModSecurity team]
>  - Fix apache logging limitation by using correct Apache call.
>    [Issue #840 - Christian Folini]
>  - Fix apr_crypto.h check on 32-bit Linux platform
>    [Issue #882, #883 - Kurt Newman]
>  - Fix variable resolution duration (Content of the DURATION variable).
>    [Issue #662 - Andrew Elble]
>  - Fix crash while adding empty keys to persistent collections.
>    [Issue #927 - Eugene Alekseev, Marc Stern and ModSecurity team]
>  - Remove misguided call to srand()
>    [Issues #778, #781 and #836 - Michael Bunk, @gilperon]
>  - Fix compilation problem while ssdeep is installed in non-standard
>    location.
>    [Issue #872 - Kurt Newman]
>  - Fix invalid storage reference by apr_psprintf at msc_crypt.c
>    [Issue #609 - Jeff Trawick]
>
> * Known issues
>
>  - Instabilities of nginx add-on are still expected. Please use the "nginx
>    refactoring" branch and stay tuned for the ModSecurity version 3.
>
> Br.,
> Felipe "Zimmerle" Costa
> Lead Developer for ModSecurity
> Security Researcher, SpiderLabs
>
> Trustwave | SMART SECURITY ON DEMAND
> www.trustwave.com <http://www.trustwave.com/>

--
mailto:chr...@ne...
http://www.christian-folini.ch
twitter: @ChrFolini
|
From: Felipe C. <FC...@tr...> - 2016-02-03 17:17:24
|
Hi,

It is a pleasure to announce the first release candidate for ModSecurity
version 2.9.1. The version 2.9.1-RC1 contains fixes and new features.
The new features list includes audit logs in JSON format.

I would like to thank you all, that participate in the construction of
this release. A special thanks to the ones who sent patches and the ones
who participated on the community meetings, which helped to increase the
quality of our releases. Thank you.

The documentation of the new features is already available on our wiki
page: https://github.com/SpiderLabs/ModSecurity/wiki/Reference-Manual

The source and binaries (and the respective hashes) are available at:
https://github.com/SpiderLabs/ModSecurity/releases/tag/v2.9.1-RC1

The most important changes are listed below:

* New features

 - Added support to generate audit logs in JSON format.
   [Issue #914, #897, #656 - Robert Paprocki]
 - Extended Lua support to include version 5.3
   [Issue #837, #762, #814 - Athmane Madjoudj and ModSecurity team]
 - mlogc: Allows user to choose between TLS versions (TLSProtocol option
   introduced).
   [Issue #881 - Ishwor Gurung]
 - Allows mod_proxy's "nocanon" behavior to be specified in proxy actions.
   [Issue #1031, #961, #763 - Mario D. Santana and ModSecurity team]

* Bug fixes

 - Creating AuditLog serial file (or parallel index) respecting the
   permission configured with SecAuditLogFileMode. Previously, it was
   used only to save the transactions while in parallel mode.
   [Issue #852 - @littlecho and ModSecurity team]
 - Checking for hashing injection response, to report in case of failure.
   [Issue #1041 - ModSecurity team]
 - Stop buffering when the request is larger than SecRequestBodyLimit
   in ProcessPartial mode
   [Issue #709, #705, #728 - Justin Gerace and ModSecurity team]
 - Refactoring conditional #if/#defs directives.
   [Issue #996 - Wesley M and ModSecurity team]
 - mlogc-batch-load.pl.in: fix searching SecAuditLogStorageDir
   files with Apache 2.4
   [Issue #775 - Elia Pinto]
 - Understands IIS 10 as compatible on Windows installer.
   [Issue #931 - Anton Serbulov, Pavel Vasilevich and ModSecurity team]
 - Fix apache logging limitation by using correct Apache call.
   [Issue #840 - Christian Folini]
 - Fix apr_crypto.h check on 32-bit Linux platform
   [Issue #882, #883 - Kurt Newman]
 - Fix variable resolution duration (Content of the DURATION variable).
   [Issue #662 - Andrew Elble]
 - Fix crash while adding empty keys to persistent collections.
   [Issue #927 - Eugene Alekseev, Marc Stern and ModSecurity team]
 - Remove misguided call to srand()
   [Issues #778, #781 and #836 - Michael Bunk, @gilperon]
 - Fix compilation problem while ssdeep is installed in non-standard
   location.
   [Issue #872 - Kurt Newman]
 - Fix invalid storage reference by apr_psprintf at msc_crypt.c
   [Issue #609 - Jeff Trawick]

* Known issues

 - Instabilities of nginx add-on are still expected. Please use the "nginx
   refactoring" branch and stay tuned for the ModSecurity version 3.

Br.,
Felipe "Zimmerle" Costa
Lead Developer for ModSecurity
Security Researcher, SpiderLabs

Trustwave | SMART SECURITY ON DEMAND
www.trustwave.com <http://www.trustwave.com/>
|
From: Felipe C. <FC...@tr...> - 2016-01-25 18:55:27
|
Hi,

The doodle for the 2nd ModSecurity(-dev) community meeting is now closed. The meeting will be held on Wed (27th) at #modsecurity channel at FreeNode.

Further information: http://doodle.com/poll/tc9dydh2t6d4quwn

Br.,
Felipe “Zimmerle” Costa
Security Researcher, Lead Developer ModSecurity.
Trustwave | SMART SECURITY ON DEMAND
www.trustwave.com <http://www.trustwave.com/>

On 1/18/16, 11:21 AM, "Felipe Costa" <FC...@tr...> wrote:

>Hi Guys,
>
>I would like to invite you to the second ModSecurity(-dev) community meeting.
>This invitation is extended to everyone who follows or participates actively
>in the ModSecurity community.
>
>The meeting agenda will be:
> - Review of every open topic from the last meeting.
> - Open Issues on GitHub.
> - Open Merge requests on GitHub.
> - Release dates (and content?) for v2.9.1.
> - State of v3, open for question, answers and ideas.
>
>The meeting will be held at #modsecurity channel at FreeNode.
>
>The suggested date is: 2015-01-25 (Mon).
>
>Please use Doodle to tell the best date/time for you:
>
>http://doodle.com/poll/tc9dydh2t6d4quwn
>
>If you think that we should add or remove something from the agenda, please tell.
>
>The minutes from our last meeting can be found here:
>https://www.modsecurity.org/developers/meetings/modsecurity.2015-10-14-19.06.html
>
>Br.,
>Felipe “Zimmerle” Costa
>Security Researcher, SpiderLabs
>
>Trustwave | SMART SECURITY ON DEMAND
>www.trustwave.com <http://www.trustwave.com/>
|
From: Felipe C. <FC...@tr...> - 2016-01-18 14:21:28
|
Hi Guys,

I would like to invite you to the second ModSecurity(-dev) community meeting. This invitation is extended to everyone who follows or participates actively in the ModSecurity community.

The meeting agenda will be:
 - Review of every open topic from the last meeting.
 - Open Issues on GitHub.
 - Open Merge requests on GitHub.
 - Release dates (and content?) for v2.9.1.
 - State of v3, open for question, answers and ideas.

The meeting will be held at #modsecurity channel at FreeNode.

The suggested date is: 2015-01-25 (Mon).

Please use Doodle to tell the best date/time for you:

http://doodle.com/poll/tc9dydh2t6d4quwn

If you think that we should add or remove something from the agenda, please tell.

The minutes from our last meeting can be found here:
https://www.modsecurity.org/developers/meetings/modsecurity.2015-10-14-19.06.html

Br.,
Felipe “Zimmerle” Costa
Security Researcher, SpiderLabs

Trustwave | SMART SECURITY ON DEMAND
www.trustwave.com <http://www.trustwave.com/>
|
From: Phil D. <ux...@sp...> - 2016-01-18 14:18:51
|
Hello Felipe,

I have updated them but I cannot find the one for specifying the name of the configuration file?

modsecurity on;
modsecurity_conf modsecurity.conf;

Thanks, Phil

----- On 18 Jan, 2016, at 14:02, Felipe Costa FC...@tr... wrote:

> Hi Phil,
>
> Sorry for the delay. In version 3 we have changed the NGINX configuration
> directives.
> They now have the same shape as the other NGINX configuration directives.
> There are some examples here:
>
> https://github.com/SpiderLabs/ModSecurity-nginx/#usage
>
> Br.,
> Felipe “Zimmerle” Costa
> Security Researcher, SpiderLabs
>
> Trustwave | SMART SECURITY ON DEMAND
> www.trustwave.com <http://www.trustwave.com/>
>
> On 1/7/16, 5:03 PM, "Phil Daws" <ux...@sp...> wrote:
>
>>Hello:
>>
>>have built nginx 1.9.9 with libmodsecurity but when I test my config am seeing:
>>
>>nginx: [emerg] unknown directive "ModSecurityEnabled"
>>
>>checking the nginx binary it appears to have been compiled correctly:
>>
>>(ngx01)# strings nginx | grep -i modsec
>>libmodsecurity.so.3
>>/usr/local/modsecurity/lib
>>configure arguments: --prefix=/etc/nginx --sbin-path=/usr/sbin/nginx
>>--conf-path=/etc/nginx/nginx.conf --error-log-path=/var/log/nginx/error.log
>>--http-log-path=/var/log/nginx/access.log --pid-path=/var/run/nginx.pid
>>--lock-path=/var/run/nginx.lock
>>--http-client-body-temp-path=/var/cache/nginx/client_temp
>>--http-proxy-temp-path=/var/cache/nginx/proxy_temp
>>--http-fastcgi-temp-path=/var/cache/nginx/fastcgi_temp
>>--http-uwsgi-temp-path=/var/cache/nginx/uwsgi_temp
>>--http-scgi-temp-path=/var/cache/nginx/scgi_temp --user=nginx --group=nginx
>>--add-module=./ngx_pagespeed-release-1.10.33.2-beta
>>--add-module=./ModSecurity-nginx --with-http_ssl_module --with-http_v2_module
>>--with-http_realip_module --with-http_addition_module --with-http_sub_module
>>--with-http_dav_module --with-http_flv_module --with-http_mp4_module
>>--with-http_gunzip_module --with-http_gzip_static_module
>>--with-http_random_index_module --with-http_secure_link_module
>>--with-http_stub_status_module --with-http_auth_request_module --with-mail
>>--with-mail_ssl_module --with-file-aio --with-ipv6 --with-cc-opt='-O2 -g -pipe
>>-Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong
>>--param=ssp-buffer-size=4 -grecord-gcc-switches -m64 -mtune=generic'
>>modsecurity
>>modsecurity_rules_file
>>modsecurity_rules_remote
>>modsecurity_rules
>>ModSecurity-nginx v0.0.2-alpha
>>
>>Has a configuration option changed at all ?
>>
>>Thanks, Phil
|
From: Felipe C. <FC...@tr...> - 2016-01-18 14:03:39
|
Hi Phil,

Sorry for the delay.

In version 3 we have changed the NGINX configuration directives. They now have the same shape as the other NGINX configuration directives. There are some examples here:
https://github.com/SpiderLabs/ModSecurity-nginx/#usage

Br.,
Felipe “Zimmerle” Costa
Security Researcher, SpiderLabs
Trustwave | SMART SECURITY ON DEMAND
www.trustwave.com

On 1/7/16, 5:03 PM, "Phil Daws" <ux...@sp...> wrote:

>Hello:
>
>have built nginx 1.9.9 with libmodsecurity but when I test my config am seeing:
>
>nginx: [emerg] unknown directive "ModSecurityEnabled"
>
>checking the nginx binary it appears to have been compiled correctly:
>
>(ngx01)# strings nginx | grep -i modsec
>libmodsecurity.so.3
>/usr/local/modsecurity/lib
>configure arguments: --prefix=/etc/nginx --sbin-path=/usr/sbin/nginx --conf-path=/etc/nginx/nginx.conf --error-log-path=/var/log/nginx/error.log --http-log-path=/var/log/nginx/access.log --pid-path=/var/run/nginx.pid --lock-path=/var/run/nginx.lock --http-client-body-temp-path=/var/cache/nginx/client_temp --http-proxy-temp-path=/var/cache/nginx/proxy_temp --http-fastcgi-temp-path=/var/cache/nginx/fastcgi_temp --http-uwsgi-temp-path=/var/cache/nginx/uwsgi_temp --http-scgi-temp-path=/var/cache/nginx/scgi_temp --user=nginx --group=nginx --add-module=./ngx_pagespeed-release-1.10.33.2-beta --add-module=./ModSecurity-nginx --with-http_ssl_module --with-http_v2_module --with-http_realip_module --with-http_addition_module --with-http_sub_module --with-http_dav_module --with-http_flv_module --with-http_mp4_module --with-http_gunzip_module --with-http_gzip_static_module --with-http_random_index_module --with-http_secure_link_module --with-http_stub_status_module --with-http_auth_request_module --with-mail --with-mail_ssl_module --with-file-aio --with-ipv6 --with-cc-opt='-O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -m64 -mtune=generic'
>modsecurity
>modsecurity_rules_file
>modsecurity_rules_remote
>modsecurity_rules
>ModSecurity-nginx v0.0.2-alpha
>
>Has a configuration option changed at all ?
>
>Thanks, Phil
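An added example, not code from the ModSecurity project or from either poster: a small checker that finds 2.x-style nginx directives such as the ModSecurityEnabled line from the error above and reports the v3 connector form, and that also warns when v3 rules are loaded without the engine being switched on. The sample configurations, file paths, function name and the legacy-to-v3 mapping are assumptions made for illustration.

```python
import re

# 2.x nginx directive -> v3 connector directive. The mapping is this example's
# assumption; confirm it against the connector README linked in the reply.
LEGACY_TO_V3 = {
    "ModSecurityEnabled": "modsecurity",
    "ModSecurityConfig": "modsecurity_rules_file",
}
# Rule-loading directives, as listed in the `strings nginx` output in the thread.
V3_RULE_SOURCES = {"modsecurity_rules", "modsecurity_rules_file",
                   "modsecurity_rules_remote"}

# One directive per line: name, optional arguments, then ';' or '{'.
DIRECTIVE = re.compile(r"^\s*([A-Za-z_]\w*)\s*([^;{]*?)\s*[;{]")


def audit_nginx_conf(text):
    """Return (line_number, severity, message) findings for ModSecurity directives."""
    findings, enabled, rule_lines = [], False, []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0]  # naive comment strip; ignores '#' inside quotes
        match = DIRECTIVE.match(line)
        if not match:
            continue
        name, args = match.groups()
        if name in LEGACY_TO_V3:
            findings.append((lineno, "error",
                f'{name} is a 2.x directive; v3 form: "{LEGACY_TO_V3[name]} {args};"'))
        elif name == "modsecurity":
            enabled = enabled or args == "on"
        elif name in V3_RULE_SOURCES:
            rule_lines.append(lineno)
    # The check is file-wide, not per server/location context.
    if rule_lines and not enabled:
        findings.append((rule_lines[0], "warning",
            'rules are loaded but no "modsecurity on;" enables the engine'))
    return findings


# Constructed sample configurations (not taken from the thread).
LEGACY_CONF = """\
server {
    listen 80;
    location / {
        ModSecurityEnabled on;
        ModSecurityConfig modsecurity.conf;
        proxy_pass http://127.0.0.1:8080;
    }
}
"""

V3_RULES_ONLY_CONF = """\
server {
    listen 80;
    modsecurity_rules_file /etc/nginx/modsec/main.conf;
}
"""

V3_OK_CONF = """\
server {
    listen 80;
    modsecurity on;
    modsecurity_rules_file /etc/nginx/modsec/main.conf;
}
"""

if __name__ == "__main__":
    for label, conf in (("legacy", LEGACY_CONF),
                        ("rules only", V3_RULES_ONLY_CONF),
                        ("v3 ok", V3_OK_CONF)):
        print(label, audit_nginx_conf(conf))
```

The second finding matters for a WAF deployment: a configuration that parses cleanly but never enables the engine leaves requests uninspected.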
From: Felipe C. <FC...@tr...> - 2016-01-18 14:00:24
|
Hi Christian,

Comments in-line.

On 1/7/16, 7:33 AM, "Christian Folini" <chr...@ti...> wrote:

>Felipe,
>
>Thank you for the links. In fact I missed the posts (despite your
>previous announcement). They are advertised on the ModSec website,
>but I tried to see them via http://blog.spiderlabs.com/modsecurity
>but the ModSecurity tag is missing on the posts.

I will investigate with the Blog admin to see what happened. In fact, the announcement at ModSecurity.org should only show the blog posts with the ModSecurity tag. It seems like it is announcing all SpiderLabs' blog posts.

>Did I get it correctly, that libModSecurity is no longer
>written in C, but in C++? Does that extend on the connectors too?

The core itself is written in C++. But there is a C interface as well. The connectors can be written in C++ or C. Also, it can be extended via bindings to script languages, such as Python [https://github.com/SpiderLabs/ModSecurity-Python-bindings].

The library API documentation is written together with the code, following a style that can be understood by Doxygen. As you can see in the examples below:

https://github.com/SpiderLabs/ModSecurity/blob/libmodsecurity/headers/modsecurity/modsecurity.h#L149-L223
https://github.com/SpiderLabs/ModSecurity/blob/libmodsecurity/src/transaction.cc#L49-L86
https://github.com/SpiderLabs/ModSecurity/blob/libmodsecurity/headers/modsecurity/transaction.h

We do have some doxygen targets on our Makefile already, but it is something that needs to be improved.

>The Python Rule Import blogpost is even cooler. I did not think
>of this before. I know that there are options to do this with
>the Core Rules on nginx already, but now that it seems to become
>available for my platform as well, my mind is spinning madly
>thinking about use cases. This is really neat.

Yeah, that one is cool :) I guess that particular feature will extend ModSecurity adoption. The possibility to pretty-print the rules (web, console, whatever) is something that I think will be very popular. At least that is what I hope.

>Please keep us posted on the progress of the work

Sure! I want to release v2.9.1 and get back to work on ModSecurity version 3 as soon as possible.

>P.S. You used to plan for a community meeting in December. That
>did not happen. Any new plans for the next meeting?

Not only the meeting but also the release for v2.9.1. Let me make the meeting call in another email...

Br.,
Felipe “Zimmerle” Costa
Security Researcher, SpiderLabs
From: Phil D. <ux...@sp...> - 2016-01-12 11:06:21
|
Any thoughts on this please ?

Thanks.

----- On 7 Jan, 2016, at 20:03, Phil Daws ux...@sp... wrote:

> Hello:
>
> have built nginx 1.9.9 with libmodsecurity but when I test my config am seeing:
>
> nginx: [emerg] unknown directive "ModSecurityEnabled"
>
> checking the nginx binary it appears to have been compiled correctly:
>
> (ngx01)# strings nginx | grep -i modsec
> libmodsecurity.so.3
> /usr/local/modsecurity/lib
> configure arguments: --prefix=/etc/nginx --sbin-path=/usr/sbin/nginx
> --conf-path=/etc/nginx/nginx.conf --error-log-path=/var/log/nginx/error.log
> --http-log-path=/var/log/nginx/access.log --pid-path=/var/run/nginx.pid
> --lock-path=/var/run/nginx.lock
> --http-client-body-temp-path=/var/cache/nginx/client_temp
> --http-proxy-temp-path=/var/cache/nginx/proxy_temp
> --http-fastcgi-temp-path=/var/cache/nginx/fastcgi_temp
> --http-uwsgi-temp-path=/var/cache/nginx/uwsgi_temp
> --http-scgi-temp-path=/var/cache/nginx/scgi_temp --user=nginx --group=nginx
> --add-module=./ngx_pagespeed-release-1.10.33.2-beta
> --add-module=./ModSecurity-nginx --with-http_ssl_module --with-http_v2_module
> --with-http_realip_module --with-http_addition_module --with-http_sub_module
> --with-http_dav_module --with-http_flv_module --with-http_mp4_module
> --with-http_gunzip_module --with-http_gzip_static_module
> --with-http_random_index_module --with-http_secure_link_module
> --with-http_stub_status_module --with-http_auth_request_module
> --with-mail --with-mail_ssl_module --with-file-aio --with-ipv6
> --with-cc-opt='-O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions
> -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -m64
> -mtune=generic'
> modsecurity
> modsecurity_rules_file
> modsecurity_rules_remote
> modsecurity_rules
> ModSecurity-nginx v0.0.2-alpha
>
> Has a configuration option changed at all ?
>
> Thanks, Phil
From: Phil D. <ux...@sp...> - 2016-01-07 20:03:44
|
Hello:

have built nginx 1.9.9 with libmodsecurity but when I test my config am seeing:

nginx: [emerg] unknown directive "ModSecurityEnabled"

checking the nginx binary it appears to have been compiled correctly:

(ngx01)# strings nginx | grep -i modsec
libmodsecurity.so.3
/usr/local/modsecurity/lib
configure arguments: --prefix=/etc/nginx --sbin-path=/usr/sbin/nginx --conf-path=/etc/nginx/nginx.conf --error-log-path=/var/log/nginx/error.log --http-log-path=/var/log/nginx/access.log --pid-path=/var/run/nginx.pid --lock-path=/var/run/nginx.lock --http-client-body-temp-path=/var/cache/nginx/client_temp --http-proxy-temp-path=/var/cache/nginx/proxy_temp --http-fastcgi-temp-path=/var/cache/nginx/fastcgi_temp --http-uwsgi-temp-path=/var/cache/nginx/uwsgi_temp --http-scgi-temp-path=/var/cache/nginx/scgi_temp --user=nginx --group=nginx --add-module=./ngx_pagespeed-release-1.10.33.2-beta --add-module=./ModSecurity-nginx --with-http_ssl_module --with-http_v2_module --with-http_realip_module --with-http_addition_module --with-http_sub_module --with-http_dav_module --with-http_flv_module --with-http_mp4_module --with-http_gunzip_module --with-http_gzip_static_module --with-http_random_index_module --with-http_secure_link_module --with-http_stub_status_module --with-http_auth_request_module --with-mail --with-mail_ssl_module --with-file-aio --with-ipv6 --with-cc-opt='-O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -m64 -mtune=generic'
modsecurity
modsecurity_rules_file
modsecurity_rules_remote
modsecurity_rules
ModSecurity-nginx v0.0.2-alpha

Has a configuration option changed at all ?

Thanks, Phil
From: Christian F. <chr...@ti...> - 2016-01-07 10:33:51
|
Felipe,

Thank you for the links. In fact I missed the posts (despite your previous announcement). They are advertised on the ModSec website, but I tried to see them via http://blog.spiderlabs.com/modsecurity but the ModSecurity tag is missing on the posts.

So glad you linked them here on the mailing lists too.

I like the overview presented in the libModSecurity blogpost. It extends on the things I understood so far and makes a good point why this step means a very big opportunity. Modularity is key for successful development (with known exceptions). So I wish you good luck in attracting more help to finish the job. It would be sweet, if we could see more community development happening in the ModSecurity code.

Did I get it correctly, that libModSecurity is no longer written in C, but in C++? Does that extend on the connectors too?

Community testing: You ask for testers and I think this is an important point. Hopefully you get the necessary beta testers. However, by focusing on nginx, you cut yourself from a big part of the ModSecurity audience. But those who do the work get to make the decisions. So this is a reasonable choice. And in fact, I understand your reasoning (the problems with ModSec 2.x were the most striking with the nginx port, among other reasons) but it might prove problematic.

The Python Rule Import blogpost is even cooler. I did not think of this before. I know that there are options to do this with the Core Rules on nginx already, but now that it seems to become available for my platform as well, my mind is spinning madly thinking about use cases. This is really neat.

Please keep us posted on the progress of the work.

Best,
Christian

P.S. You used to plan for a community meeting in December. That did not happen. Any new plans for the next meeting?

--
Learn this lesson, that to be self-contented is to be vile and ignorant, and that to aspire is better than to be blindly and impotently happy.
-- Edwin Abbott Abbott
From: 谭锋 <ta...@le...> - 2016-01-05 01:26:42
|
As autoconf conventions, it seems that "--with-curl=no" should be "without-curl" ?

Filex: ta...@le...

> -----Original Message-----
> From: mod...@li... [mailto:mod-sec...@li...]
> Sent: Tuesday, January 05, 2016 1:10
> To: mod...@li...
> Subject: mod-security-developers Digest, Vol 53, Issue 1
>
> Today's Topics:
>
> 1. Re: Antwort: Re: compile modsecurity --with-curl=no (Felipe Costa)
> 2. Re: [mod-security-users] Problems with @inspectFile not escaping arguments (Felipe Costa)
> 3. More about ModSecurity version 3 (Felipe Costa)
>
> ----------------------------------------------------------------------
>
> Message: 1
> Date: Mon, 16 Nov 2015 18:39:32 +0000
> From: Felipe Costa <FC...@tr...>
> Subject: Re: [Mod-security-developers] Antwort: Re: compile modsecurity --with-curl=no
> To: "mod...@li..." <mod...@li...>
> Message-ID: <D26FA827.16A6A%fc...@tr...>
> Content-Type: text/plain; charset="iso-8859-1"
>
> Hi Christian,
>
> It is natural that you cannot build the mlogc without the curl dependency, as it is a mandatory dependency.
>
> I will try to investigate the semaphore issue. Meanwhile, you may want to manually cleanup the semaphores. Here is what we use on our buildbots:
> https://gist.github.com/zimmerle/f4fd10f9b0485abb4872
>
> Br.,
> Felipe “Zimmerle” Costa
> Security Researcher, SpiderLabs
>
> From: "chr...@go..." <chr...@go...>
> Reply-To: "mod...@li..." <mod...@li...>
> Date: Monday, November 16, 2015 at 11:21 AM
> To: "mod...@li..." <mod...@li...>
> Subject: [Mod-security-developers] Antwort: Re: compile modsecurity --with-curl=no
>
> Hi Felipe,
>
> my question is related to the semaphore issue:
> https://sourceforge.net/p/mod-security/mailman/message/34613832/
>
> No, I didn't manage to compile mlogc using "--with-curl=no". The mlogc binary will simply not be built.
> Anyway, building mlogc without curl is no longer important to me. The basic problem is the semaphore issue.
>
> I would be very grateful, if the semaphore problem could be addressed.
> It seems like many others have the same issue.
> Maybe you get some idea how to figure out the problem, if you read my post about the semaphore issue.
>
> Best regards,
> Christian
>
> From: Felipe Costa <FC...@tr...>
> To: "mod...@li..." <mod...@li...>
> Date: 13.11.2015 22:40
> Subject: Re: [Mod-security-developers] compile modsecurity --with-curl=no
>
> Hi Christian,
>
> Mlogc depends on curl to submit the logs to the target host. Did you manage to compile the mlogc while using --with-curl=no ?
>
> Br.,
> Felipe “Zimmerle” Costa
> Security Researcher, SpiderLabs
>
> From: "chr...@go..." <chr...@go...>
> Reply-To: "mod...@li..." <mod...@li...>
> Date: Monday, November 2, 2015 at 8:34 AM
> To: "mod...@li..." <mod...@li...>
> Subject: [Mod-security-developers] compile modsecurity --with-curl=no
>
> Dear developers,
>
> I searched the mailing lists and google for my question, but didn't find anything.
> Hopefully this is the right place to ask my question.
>
> We use a modified apache httpd (2.2.29) with modsecurity 2.9.0 on RHEL 6.6 (64bit). On graceful restarts of the httpd the number of semaphore arrays start to increase till they reach the limit of 128 when mlogc is enabled.
> The support of the modified httpd suggested to compile modsecurity "--with-curl=no". The number of semaphore arrays is not increasing anymore.
>
> Now my question is which impact will this option have on modsecurity/mlogc?
>
> Thanks in advance,
> Christian
>
> ------------------------------
>
> Message: 2
> Date: Tue, 8 Dec 2015 13:04:11 +0000
> From: Felipe Costa <FC...@tr...>
> Subject: Re: [Mod-security-developers] [mod-security-users] Problems with @inspectFile not escaping arguments
> To: "mod...@li..." <mod...@li...>
> Cc: "mod...@li..." <mod...@li...>
> Message-ID: <61F...@tr...>
> Content-Type: text/plain; charset="utf-8"
>
> Hi Gryzli,
>
> Thank you for the report.
>
> Do not use the @inspectFile with variables that you don't have control. @inspectFile was originally created to be used with the FILES_TMPNAMES [1] as cited on the example: [2]. The content of FILES_TMPNAMES is generated by ModSecurity, therefore we don't need to escape.
>
> I think your concern is more than valid. I am adding a note at the Reference manual, so that other users will not use it in this fashion.
>
> Maybe what you are looking for is to use the Lua engine [3]. Using the Lua engine, you will be able to fetch the variables using: m.getvar("FULL_REQUEST");
>
> Notice that using FULL_REQUEST is not always a good practice because it may drop the performance of your server a little bit.
>
> For ModSecurity version 3, the @inspectFile may not be necessary anymore. We wish to support natively:
> - Ruby
> - Python
> - Lua
> - Any other suggestion?
>
> (Moving this discussion to mod...@li...)
>
> [1] https://github.com/SpiderLabs/ModSecurity/wiki/Reference-Manual#files_tmpnames
> [2] https://github.com/SpiderLabs/ModSecurity/wiki/Reference-Manual#inspectfile
> [3] https://github.com/SpiderLabs/ModSecurity/wiki/Reference-Manual#secrulescript
>
> Br.,
> Felipe “Zimmerle” Costa
> Security Researcher, SpiderLabs
>
> On 12/8/15, 4:50 AM, "Gryzli Bugbear" <gry...@gm...> wrote:
>
> >Hi all,
> >
> >I'm trying to make some rules work, and see some very strange behaviour.
> >
> >I have the following rule in mod_security:
> >---
> >SecRule FULL_REQUEST "@inspectFile /tmp/test_script.pl" "id:159, deny, status:406, phase:2"
> >---
> >
> >When I pass some request to Apache I get bunch of logs in error_log
> >looking like this:
> >=========
> >/bin/sh: line 2: Host:: command not found
> >/bin/sh: line 3: Connection:: command not found
> >/bin/sh: line 4: Accept:: command not found
> >/bin/sh: line 5: Upgrade-Insecure-Requests:: command not found
> >/bin/sh: -c: line 6: syntax error near unexpected token `('
> >/bin/sh: -c: line 6: `User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/46.0.2490.86 Safari/537.36'
> >/bin/sh: line 2: Host:: command not found
> >/bin/sh: line 3: Connection:: command not found
> >/bin/sh: line 4: Accept:: command not found
> >/bin/sh: line 5: Upgrade-Insecure-Requests:: command not found
> >/bin/sh: -c: line 6: syntax error near unexpected token `('
> >/bin/sh: -c: line 6: `User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/46.0.2490.86 Safari/537.36'
> >===========
> >
> >It seems that ModSecurity is unable to correctly escape the arguments,
> >which must be sent to the /tmp/test_scrip.pl, which results to
> >execution tries in /bin/sh.
> >
> >This behavior looks extremely dangerous, cause attacker could easily
> >use it to execute malicious code with Apache user.
> >
> >Is this a bug, or there is an option to make ModSecurity escape
> >correctly the arguments passed ?
> >
> >Regards,
> >Gryzli
>
> ------------------------------
>
> Message: 3
> Date: Mon, 4 Jan 2016 17:09:54 +0000
> From: Felipe Costa <FC...@tr...>
> Subject: [Mod-security-developers] More about ModSecurity version 3
> To: "mod...@li..." <mod...@li...>
> Cc: "mod...@li..." <mod...@li...>
> Message-ID: <2EF...@tr...>
> Content-Type: text/plain; charset="utf-8"
>
> Hi Guys,
>
> Not sure if you had the opportunity to see, recently I made two blog posts about the libModSecurity, available here:
>
> Felipe “Zimmerle” Costa
> Security Researcher, SpiderLabs
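An added example, not ModSecurity's code or any poster's: a linter that applies the advice in the quoted reply above (use @inspectFile only with FILES_TMPNAMES) to a rule file and flags every other use, such as the FULL_REQUEST rule from the report. Rule id 159 comes from the thread; the other rules, the script paths and the function names are constructed for illustration.

```python
import re
import shlex

# Per the quoted reply, FILES_TMPNAMES is generated by ModSecurity itself,
# so it is the only collection this check accepts for @inspectFile.
SAFE_INSPECTFILE_VARS = {"FILES_TMPNAMES"}


def logical_lines(text):
    """Yield (first_line_number, joined_line), joining trailing-backslash lines."""
    buf, start = "", None
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.rstrip()
        if start is None:
            start = n
        if line.endswith("\\"):
            buf += line[:-1] + " "
            continue
        yield start, buf + line
        buf, start = "", None
    if buf:
        yield start, buf


def audit_inspectfile(rules_text):
    """Flag SecRule lines that feed @inspectFile from request-controlled variables."""
    findings = []
    for lineno, line in logical_lines(rules_text):
        stripped = line.strip()
        if not stripped or stripped.startswith("#"):
            continue
        try:
            tokens = shlex.split(stripped)  # keeps "quoted operator" as one token
        except ValueError:
            continue  # unbalanced quoting; out of scope for this sketch
        if len(tokens) < 3 or tokens[0] != "SecRule":
            continue
        variables, operator = tokens[1], tokens[2].lstrip("!")
        match = re.match(r"@inspectFile\s+(\S+)", operator, re.IGNORECASE)
        if not match:
            continue
        # "!VAR" entries are exclusions; "&VAR" is a count; ":sel" is a selector.
        names = {v.lstrip("&").split(":", 1)[0].upper()
                 for v in variables.split("|") if v and not v.startswith("!")}
        risky = sorted(names - SAFE_INSPECTFILE_VARS)
        if risky:
            rid = re.search(r"\bid:\s*'?(\d+)", tokens[3]) if len(tokens) > 3 else None
            findings.append({"line": lineno,
                             "rule_id": rid.group(1) if rid else None,
                             "script": match.group(1),
                             "variables": risky})
    return findings


# Constructed sample rule file; only rule 159 is quoted from the thread.
SAMPLE_RULES = r"""# constructed sample rules
SecRule FULL_REQUEST "@inspectFile /tmp/test_script.pl" "id:159, deny, status:406, phase:2"
SecRule FILES_TMPNAMES "@inspectFile /opt/modsec/bin/av-scan.pl" \
    "id:160,phase:2,t:none,deny,log"
SecRule REQUEST_HEADERS:User-Agent|ARGS "@inspectFile /opt/modsec/bin/check.sh" \
    "id:161,phase:2,deny"
SecRule ARGS "@rx select" "id:162,phase:2,deny"
"""

if __name__ == "__main__":
    for finding in audit_inspectfile(SAMPLE_RULES):
        print("rule {rule_id} (line {line}): @inspectFile {script} "
              "reads {variables}".format(**finding))
```

Running a check like this over a rule set before deployment catches the pattern from the report without waiting for shell errors to show up in error_log.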
From: Felipe C. <FC...@tr...> - 2016-01-04 17:11:37
|
Missing links:

https://www.trustwave.com/Resources/SpiderLabs-Blog/An-Overview-of-the-Upcoming-libModSecurity/
https://www.trustwave.com/Resources/SpiderLabs-Blog/ModSecurity-Python-Bindings--Parsing-ModSecurity-rules-from-Python/

Br.,
Felipe “Zimmerle” Costa
Security Researcher, SpiderLabs

From: Felipe Zimmerle <FC...@tr...>
Date: Monday, January 4, 2016 at 2:09 PM
To: "mod...@li..." <mod...@li...>
Cc: "mod...@li..." <mod...@li...>
Subject: More about ModSecurity version 3

Hi Guys,

Not sure if you had the opportunity to see, recently I made two blog posts about the libModSecurity, available here:

Felipe “Zimmerle” Costa
Security Researcher, SpiderLabs
From: Felipe C. <FC...@tr...> - 2016-01-04 17:10:02
|
Hi Guys,

Not sure if you had the opportunity to see, recently I made two blog posts about the libModSecurity, available here:

Felipe “Zimmerle” Costa
Security Researcher, SpiderLabs