mod-security-developers Mailing List for ModSecurity (Page 13)
Brought to you by: victorhora, zimmerletw
From: Marc S. <mar...@ap...> - 2015-09-21 11:34:47
Very good idea.
Skype is also an option, no? Voice, screen sharing, ...

Marc Stern
Senior Information Security Consultant - Head of Security Consulting
Approach Belgium - www.approach.be
Axis Park - Rue Edouard Belin 7 - 1435 Louvain-la-Neuve (Mont-Saint-Guibert) - Belgium
LinkedIn: http://www.linkedin.com/in/marcstern

> Date: Fri, 18 Sep 2015 14:17:28 +0000
> From: Felipe Costa <FC...@tr...>
> Subject: [Mod-security-developers] ModSecurity(-dev) community meeting
> To: "mod...@li..." <mod...@li...>
> Cc: Ryan Barnett <rya...@ow...>
> Message-ID: <D221A346.1478D%fc...@tr...>
>
> Hi Guys,
>
> I would like to know if you are interested to participate in a monthly
> meeting about the status of ModSecurity Open Source project (Issues,
> Pending merge requests, new features and etc…).
>
> Could be in the same format used in other open source projects, such as
> AppArmor:
> http://wiki.apparmor.net/index.php/MeetingAgenda
>
> We can use IRC or Hangout.
>
> Thanks,
> Felipe "Zimmerle" Costa
> Security Researcher, SpiderLabs

From: Walter H. <mo...@sp...> - 2015-09-21 10:02:48
> Hi Guys,
>
> I would like to know if you are interested to participate in a monthly
> meeting about the status of ModSecurity Open Source project (Issues,
> Pending merge requests, new features and etc…).
>
> Could be in the same format used in other open source projects, such as
> AppArmor:
> http://wiki.apparmor.net/index.php/MeetingAgenda
>
> We can use IRC or Hangout.

Sounds great, I would advocate IRC.

--
Walter Hop | PGP key: https://lifeforms.nl/pgp

From: Christian F. <chr...@ti...> - 2015-09-18 18:44:03
Hi there,

Yes, I am interested. Once a month sounds like a good rhythm.
I agree with Kurt, that irc has advantages.

Do you consider to cover the Core-Rules as well? That would
be very beneficial in my eyes.

And finally, may I suggest to invite Marc Stern as well? I am not
sure he is on the dev-list.

Ahoj,

Christian

On Fri, Sep 18, 2015 at 10:38:14AM -0600, Kurt Seifried wrote:
> Can a specific agenda be posted? Also if it occurs on IRC if it can be
> "recorded" and the meeting minutes posted to the list for people that can't
> make it that would be awesome. Thanks!
>
> On Fri, Sep 18, 2015 at 8:17 AM, Felipe Costa <FC...@tr...> wrote:
>
> > Hi Guys,
> >
> > I would like to know if you are interested to participate in a monthly
> > meeting about the status of ModSecurity Open Source project (Issues,
> > Pending merge requests, new features and etc…).
> >
> > Could be in the same format used in other open source projects, such as
> > AppArmor:
> > http://wiki.apparmor.net/index.php/MeetingAgenda
> >
> > We can use IRC or Hangout.
> >
> > Thanks,
> > Felipe "Zimmerle" Costa
> > Security Researcher, SpiderLabs
> >
> > Trustwave | SMART SECURITY ON DEMAND
> > www.trustwave.com <http://www.trustwave.com/>
>
> --
> Kurt Seifried -- Red Hat -- Product Security -- Cloud
> PGP A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993
> Red Hat Product Security contact: sec...@re...

--
Christian Folini
Ringstrasse 2
CH-3639 Kiesen
+41 (0)31 301 60 71 (H)
+41 (0)79 220 23 76 (M)
mailto:chr...@ne... (Business)
mailto:chr...@ti... (Private)
http://www.christian-folini.ch

From: Kurt S. <kse...@re...> - 2015-09-18 17:06:27
Can a specific agenda be posted? Also if it occurs on IRC if it can be
"recorded" and the meeting minutes posted to the list for people that can't
make it that would be awesome. Thanks!

On Fri, Sep 18, 2015 at 8:17 AM, Felipe Costa <FC...@tr...> wrote:

> Hi Guys,
>
> I would like to know if you are interested to participate in a monthly
> meeting about the status of ModSecurity Open Source project (Issues,
> Pending merge requests, new features and etc…).
>
> Could be in the same format used in other open source projects, such as
> AppArmor:
> http://wiki.apparmor.net/index.php/MeetingAgenda
>
> We can use IRC or Hangout.
>
> Thanks,
> Felipe "Zimmerle" Costa
> Security Researcher, SpiderLabs
>
> Trustwave | SMART SECURITY ON DEMAND
> www.trustwave.com <http://www.trustwave.com/>

--
Kurt Seifried -- Red Hat -- Product Security -- Cloud
PGP A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993
Red Hat Product Security contact: sec...@re...

From: Felipe C. <FC...@tr...> - 2015-09-18 14:17:37
Hi Guys,

I would like to know if you are interested to participate in a monthly
meeting about the status of ModSecurity Open Source project (Issues,
Pending merge requests, new features and etc…).

Could be in the same format used in other open source projects, such as
AppArmor:
http://wiki.apparmor.net/index.php/MeetingAgenda

We can use IRC or Hangout.

Thanks,
Felipe "Zimmerle" Costa
Security Researcher, SpiderLabs

Trustwave | SMART SECURITY ON DEMAND
www.trustwave.com <http://www.trustwave.com/>

From: biecobatrace . <ast...@gm...> - 2015-08-18 13:55:40
Hi,

I'm a newbie to mod_security.

I've experienced a lot of problems with the admin section of hosted websites
like Magento, Drupal & Wordpress. Saving a product or a content is blocked by
a particular rule.

Is there a smart way to use mod_security without interfering with these CMS?

Regards,
Samuele

From: Big W. <d0l...@ya...> - 2015-07-31 08:26:40
I need help on how to setup and execute the standalone version of ModSecurity
for research purposes. Thanks in advance.

From: Matt S. <mat...@ke...> - 2015-06-12 14:45:07
I have installed modsecurity on Windows 2012 R2 with IIS 8.5. Events are
showing in the windows event log with SecRuleEngine DetectionOnly. My ASP.NET
sites will load, but I can't login to them. As soon as I disable modsecurity
from the machine web.config I can login. Anyone have this working on IIS 8.5?

From: Francisco M. <fra...@gm...> - 2015-04-30 04:30:56
Hello,

We are running the 1.8.0 version of Nginx with Modsecurity 2.9.0
nginx_refactoring branch compiled.

    2015/04/29 19:51:38 [notice] 6430#0: ModSecurity for nginx (STABLE)/2.9.0 (http://www.modsecurity.org/) configured.
    2015/04/29 19:51:38 [notice] 6430#0: ModSecurity: APR compiled version="1.3.9"; loaded version="1.3.9"
    2015/04/29 19:51:38 [notice] 6430#0: ModSecurity: PCRE compiled version="7.8 "; loaded version="7.8 2008-09-05"
    2015/04/29 19:51:38 [notice] 6430#0: ModSecurity: LUA compiled version="Lua 5.1"
    2015/04/29 19:51:38 [notice] 6430#0: ModSecurity: LIBXML compiled version="2.7.6"
    2015/04/29 19:51:38 [notice] 6430#0: ModSecurity: Status engine is currently disabled, enable it by set SecStatusEngine to On.

In our configuration, we want to set the CORS headers to any request
accessing us. For doing that, in nginx we do:

    add_header 'Access-Control-Allow-Origin' $cors_origin always;
    add_header 'Access-Control-Allow-Credentials' $cors_credentials always;
    add_header 'Access-Control-Allow-Methods' $cors_methods always;
    add_header 'Access-Control-Allow-Headers' $cors_headers always;
    add_header 'Access-Control-Max-Age' $cors_maxage always;

Note that we use the *always* keyword so that we *always* add those headers
even when the backend (which is running with a proxy_pass) returns an error.

Our location in nginx configuration file looks like this:

    location / {
        ModSecurityEnabled on;
        ModSecurityConfig modsecurity.d/modsecurity.conf;

        proxy_redirect off;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

        add_header 'Access-Control-Allow-Origin' $cors_origin always;
        add_header 'Access-Control-Allow-Credentials' $cors_credentials always;
        add_header 'Access-Control-Allow-Methods' $cors_methods always;
        add_header 'Access-Control-Allow-Headers' $cors_headers always;
        add_header 'Access-Control-Max-Age' $cors_maxage always;

        if ($user) {
            proxy_pass http://nextver;
            break;
        }

        proxy_pass http://currver;
    }

When doing a curl I don't see the "Access-Control" headers. If I comment out
the "ModSecurityEnabled/Config" lines, I can see them there:

    < Access-Control-Allow-Origin: *
    < Access-Control-Allow-Credentials: true
    < Access-Control-Allow-Methods: HEAD, GET, POST, PUT, PATCH, DELETE, OPTIONS
    < Access-Control-Allow-Headers: X-USER-AGENT, X-REQUESTED-WITH, X-USER-VERSION, X-COUNTRY-CODE
    < Access-Control-Max-Age: 86400

I can also see the wanted headers if I access a non-error page.

I've been looking a little into the code and it seems there was a somewhat
related bug solved by https://github.com/SpiderLabs/ModSecurity/pull/749/files .
My guess is that the somewhat new *always* directive is messing things up, as
I see that if I make a request to a URL that returns a non-error, the headers
are there.

My (flawed) intuition tells me that maybe the *always* directive is somehow
not honored by modsecurity and it will block headers on an error?

Can anyone point me how to delve into this issue further, to confirm my
suspicions, or look into the possible bug themselves?

Thanks for your help,
/fran

From: Phil D. <ux...@sp...> - 2015-04-13 14:56:04
Hmm, seems for some reason that msr->hostname is always blank/NULL in
msc_logging.c

----- Original Message -----
From: "Phil Daws" <ux...@sp...>
To: mod...@li...
Sent: Monday, 13 April, 2015 14:57:14
Subject: [Mod-security-developers] ModSec and NGINX Question

Hello:

we have started to migrate away from Apache to NGINX and begun using ModSec
with it. What we are seeing is that when an entry is written to the audit log
the domain is always missing from the entry ? Have checked the
modsecurity.conf between the Apache and NGINX installation and they look the
same. Would it be better using the mainstream code or the NGINX refactoring
one I see on GIT ?

Thanks, Phil

From: Phil D. <ux...@sp...> - 2015-04-13 13:59:19
Hello:

we have started to migrate away from Apache to NGINX and begun using ModSec
with it. What we are seeing is that when an entry is written to the audit log
the domain is always missing from the entry ? Have checked the
modsecurity.conf between the Apache and NGINX installation and they look the
same. Would it be better using the mainstream code or the NGINX refactoring
one I see on GIT ?

Thanks, Phil

From: Fayyaz, M. <muh...@ba...> - 2015-03-25 16:10:33
I have tried both but no luck. Is it a bug in modsecurity ?

Regards
Muhammad

-----Original Message-----
From: Felipe Costa [mailto:FC...@tr...]
Sent: 23 March 2015 17:01
To: mod...@li...
Subject: Re: [Mod-security-developers] Failed to write to DBM file

Hi Muhammad,

Check the permissions for that directory and/or try to specify an alternative
directory:

https://github.com/SpiderLabs/ModSecurity/wiki/Reference-Manual#secdatadir

Br,
Felipe "Zimmerle" Costa
Security Researcher, SpiderLabs

Trustwave | SMART SECURITY ON DEMAND
www.trustwave.com <http://www.trustwave.com/>

On 3/23/15, 1:32 PM, "Fayyaz, Muhammad" <muh...@ba...> wrote:

>Hi Guys,
>
>Any idea how to deal with the following issue:
>
>collection_store: Failed to write to DBM file
>"D:/Apache24/modules/mod_security-2/mod_security-data/global": Invalid
>argument
>
>Regards
>Muhammad

From: Felipe C. <FC...@tr...> - 2015-03-23 17:01:36
Hi Muhammad,

Check the permissions for that directory and/or try to specify an alternative
directory:

https://github.com/SpiderLabs/ModSecurity/wiki/Reference-Manual#secdatadir

Br,
Felipe "Zimmerle" Costa
Security Researcher, SpiderLabs

Trustwave | SMART SECURITY ON DEMAND
www.trustwave.com <http://www.trustwave.com/>

On 3/23/15, 1:32 PM, "Fayyaz, Muhammad" <muh...@ba...> wrote:

>Hi Guys,
>
>Any idea how to deal with the following issue:
>
>collection_store: Failed to write to DBM file
>"D:/Apache24/modules/mod_security-2/mod_security-data/global": Invalid
>argument
>
>Regards
>Muhammad

From: Fayyaz, M. <muh...@ba...> - 2015-03-23 16:33:07
Hi Guys,

Any idea how to deal with the following issue:

    collection_store: Failed to write to DBM file "D:/Apache24/modules/mod_security-2/mod_security-data/global": Invalid argument

Regards
Muhammad

From: Felipe C. <FC...@tr...> - 2015-03-18 12:38:17
Ola Raphael,

ModSecurity core is driven by utilized rules. Those rules can be made by
yourself or you can use rules provided by the community or even use a
commercial package [1].

ModSecurity core provides a set of functionalities that can be used by the
rules in order to assess a given http transaction (request, response, client
reputation, etc…). For more information about this rules language you can
have a look at the ModSecurity Reference Manual [2].

There are several ways to extend ModSecurity, including:

- calling external softwares [3]
- lua scripts [4]
- python scripts [5]
- ModSecurity core itself, by creating new operator(s) [6]

It will be a pleasure to help! Let me know if you need more information.

[1] http://www.modsecurity.org/rules.html
[2] https://github.com/SpiderLabs/ModSecurity/wiki/Reference-Manual
[3] https://github.com/SpiderLabs/ModSecurity/wiki/Reference-Manual#exec
[4] https://github.com/SpiderLabs/ModSecurity/wiki/Reference-Manual#secrulescript
[5] https://github.com/SpiderLabs/ModSecurity/tree/experimental_python_support
[6] https://github.com/SpiderLabs/ModSecurity/blob/master/apache2/re_operators.c

Br,
Felipe "Zimmerle" Costa
Security Researcher, SpiderLabs

Trustwave | SMART SECURITY ON DEMAND
www.trustwave.com <http://www.trustwave.com/>

From: Raphael Jubram <rap...@gm...>
Reply-To: "mod...@li..." <mod...@li...>
Date: Monday, March 16, 2015 at 9:02 PM
To: "mod...@li..." <mod...@li...>
Subject: [Mod-security-developers] Hello All

Hi! My name is Raphael, I'm a Brazilian Computer Science undergraduate
student. I have started a research about AI algorithms applied to WAF. I
would like to understand some different open source WAF programs and which
algorithms they use to analyse HTTP requests. I'll be glad to have a
conversation with anyone that could help me! At the end of the research, I
can share my results with you guys. Thanks!

From: Raphael J. <rap...@gm...> - 2015-03-17 00:02:08
Hi! My name is Raphael, I'm a Brazilian Computer Science undergraduate
student. I have started a research about AI algorithms applied to WAF. I
would like to understand some different open source WAF programs and which
algorithms they use to analyse HTTP requests. I'll be glad to have a
conversation with anyone that could help me! At the end of the research, I
can share my results with you guys. Thanks!

From: Felipe C. <FC...@tr...> - 2015-03-06 21:31:43
Hi Vérène,

Thank you for your interest, contributions are very welcome.

In ModSecurity we have different logs:

1. Web server log: 1-line log which contains very brief information (apache
   error log).
2. Audit logs: Depending on the configuration, it can save an entire
   transaction [8].
3. Debug logs: Recommended to be used while creating/editing/debugging rules.

It seems that you are interested in the audit logs.

We have some issues opened on our github regarding saving the audit logs in
formats that are not its original one, including JSON and XML. Since there
are different needs in terms of log format, we started to implement a utility
named mlogc-ng [6]. This utility works with pipelines where the first element
is a producer (responsible for reading and parsing the logs), and the
subsequent elements can process the log information (including transforming
it into other formats, such as JSON). In that pipeline the last element can
save the content on disk and/or deliver the content to a central log server.

Notice that there are two different things: mlogc [7] and mlogc-ng. Mlogc is
a utility that basically allows you to send the logs over the network. This
is what is used to send logs to AuditConsole [1] and WAF-FLE [2]. (There are
alternatives, for example [3]).

Another interesting approach is the utilization of logstash [4]. There is
this logstash-modsecurity [5] which is capable of understanding the format of
the audit logs and transforming it into something else.

I believe that the best option is the utilization of mlogc-ng as it already
reads the log for you and gives you a C structure. Apparently you only have
to code a mlogc-ng element that will dispose the data in the XML format
(expressed in RFC 4765). Optionally you can create a second module that will
be able to send this XML to an end server.

The mlogc-ng pipeline will be something like:

    read_from_filesystem -> transform to RFC 4765 format -> dispatch to an end server

Alternatively:

    read_from_filesystem -> transform to RFC 4765 format -> save to disk

Here is an example of what an mlogc-ng element looks like:
https://github.com/SpiderLabs/modsecurity-mlogc-ng/blob/master/pipe_elements/send_to_server.c

Let me know if you need any help to implement this, I will be glad to help.

[1] https://jwall.org/web/audit/console/index.jsp
[2] http://waf-fle.org/
[3] https://jwall.org/tools/jwall-tools.jsp
[4] http://logstash.net/
[5] https://github.com/bitsofinfo/logstash-modsecurity
[6] https://github.com/SpiderLabs/modsecurity-mlogc-ng
[7] https://github.com/SpiderLabs/ModSecurity/tree/master/mlogc
[8] https://github.com/SpiderLabs/ModSecurity/wiki/ModSecurity-2-Data-Formats#Audit_Log

Thanks,
Felipe "Zimmerle" Costa
Security Researcher, SpiderLabs

Trustwave | SMART SECURITY ON DEMAND
www.trustwave.com <http://www.trustwave.com/>

From: Vérène Houdebine <ver...@re...>
Reply-To: "mod...@li..." <mod...@li...>
Date: Wednesday, March 4, 2015 at 1:52 PM
To: "mod...@li..." <mod...@li...>
Subject: [Mod-security-developers] Implementing IDMEF

Hello,

We are interested in implementing the IDMEF format in modsecurity. For those
of you who don't know it yet, IDMEF is a data format defined in the RFC 4765.
That would mean adding an option to avoid regular log and, instead, directly
send IDMEF alerts to a prelude manager. We are working on this project in the
context of our student's project.

Is it adequate to add a new module? Do you have any idea/advice/suggestion as
to where we can fetch the information? Or do you have some complementary
documentation about how the code is organized?

Thank you very much in advance!

Vérène

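The pipeline described in the message above (read the audit log, transform to RFC 4765 format, hand on to a sink), as an added example that is not part of the original thread and is not mlogc-ng code. It is a Python stand-in; the sample log entry, the `modsec-example` analyzer id and the severity mapping are assumptions made for the illustration.

```python
import re
import xml.etree.ElementTree as ET
from datetime import datetime

IDMEF_NS = "http://iana.org/idmef"      # namespace defined by RFC 4765
ET.register_namespace("idmef", IDMEF_NS)
Q = "{%s}" % IDMEF_NS                   # ElementTree prefix for qualified tags
NTP_OFFSET = 2208988800                 # seconds from 1900-01-01 to 1970-01-01

# Constructed sample (serial audit log layout): one complete entry, one cut off before Z.
SAMPLE_AUDIT_LOG = """\
--a1b2c3d4-A--
[06/Mar/2015:21:31:43 +0000] VPoZ3n8AAAEAAGx2AbcAAAAB 203.0.113.7 51234 192.0.2.10 80
--a1b2c3d4-B--
GET /search?q=a&b=<c> HTTP/1.1
Host: www.example.com
--a1b2c3d4-H--
Message: Access denied with code 403 (phase 2). [file "/etc/modsecurity/local.conf"] [line "12"] [id "100001"] [msg "Constructed sample rule"] [severity "CRITICAL"]
Action: Intercepted (phase 2)
--a1b2c3d4-Z--
--deadbeef-A--
[06/Mar/2015:21:31:50 +0000] truncated-entry-without-Z 203.0.113.7 51235 192.0.2.10 80
"""

BOUNDARY = re.compile(r"^--([0-9a-fA-F]{8})-([A-Z])--$")
SECTION_A = re.compile(r"^\[([^\]]+)\] (\S+) (\S+) (\d+) (\S+) (\d+)$")
TAG = re.compile(r'\[(\w+) "([^"]*)"\]')
# Assumed mapping from ModSecurity severity names to IDMEF Impact severities.
SEVERITY = {"EMERGENCY": "high", "ALERT": "high", "CRITICAL": "high",
            "ERROR": "medium", "WARNING": "medium", "NOTICE": "low",
            "INFO": "info", "DEBUG": "info"}
RANK = ["info", "low", "medium", "high"]

def read_entries(text):
    """Producer stage: yield {section letter: [lines]} for each complete entry."""
    entry, current, bid = {}, None, None
    for line in text.splitlines():
        m = BOUNDARY.match(line)
        if m and m.group(2) == "A":         # new entry; drops an unterminated one
            bid, current, entry = m.group(1), "A", {"A": []}
        elif m and m.group(1) == bid:       # only this entry's own boundary id counts
            if m.group(2) == "Z":
                yield entry
                entry, current, bid = {}, None, None
            else:
                current = m.group(2)
                entry[current] = []
        elif current:                       # anything else is section data
            entry[current].append(line)

def parse_entry(entry):
    """Transform stage, part 1: pull the fields an IDMEF Alert needs from A, B, H."""
    m = SECTION_A.match(entry["A"][0]) if entry["A"] else None
    if not m:
        raise ValueError("malformed section A")
    stamp, uid, src, sport, dst, dport = m.groups()
    head = entry.get("H", [])
    msgs = [dict(TAG.findall(l)) for l in head if l.startswith("Message: ")]
    sev = max((SEVERITY.get(t.get("severity", ""), "medium") for t in msgs),
              key=RANK.index, default="info")
    return {"uid": uid, "when": datetime.strptime(stamp, "%d/%b/%Y:%H:%M:%S %z"),
            "src": (src, sport), "dst": (dst, dport), "messages": msgs, "severity": sev,
            "blocked": any(l.startswith("Action: Intercepted") for l in head),
            "request": (entry.get("B") or [""])[0]}

def endpoint(alert, role, ip, port):
    """Add a Source or Target element with its node address and service port."""
    side = ET.SubElement(alert, Q + role)
    addr = ET.SubElement(ET.SubElement(side, Q + "Node"), Q + "Address",
                         category="ipv6-addr" if ":" in ip else "ipv4-addr")
    ET.SubElement(addr, Q + "address").text = ip
    ET.SubElement(ET.SubElement(side, Q + "Service"), Q + "port").text = port

def to_idmef(rec):
    """Transform stage, part 2: build an IDMEF-Message holding one Alert."""
    root = ET.Element(Q + "IDMEF-Message", version="1.0")
    alert = ET.SubElement(root, Q + "Alert", messageid=rec["uid"])
    ET.SubElement(alert, Q + "Analyzer", analyzerid="modsec-example")  # hypothetical id
    ntp = "0x%08x.0x%08x" % (int(rec["when"].timestamp()) + NTP_OFFSET, 0)
    ET.SubElement(alert, Q + "CreateTime", ntpstamp=ntp).text = rec["when"].isoformat()
    endpoint(alert, "Source", *rec["src"])
    endpoint(alert, "Target", *rec["dst"])
    first = rec["messages"][0] if rec["messages"] else {}
    ET.SubElement(alert, Q + "Classification", ident=first.get("id", "0"),
                  text=first.get("msg", "ModSecurity audit event"))
    impact = {"severity": rec["severity"]}
    if rec["blocked"]:
        impact["completion"] = "failed"     # the request was intercepted
    ET.SubElement(ET.SubElement(alert, Q + "Assessment"), Q + "Impact", **impact)
    # ElementTree escapes the client-controlled request line on serialization.
    data = ET.SubElement(alert, Q + "AdditionalData", type="string", meaning="request-line")
    ET.SubElement(data, Q + "string").text = rec["request"]
    return ET.tostring(root, encoding="unicode")

def pipeline(text):
    return [to_idmef(parse_entry(e)) for e in read_entries(text)]  # sink: caller saves or sends

if __name__ == "__main__":
    print("\n".join(pipeline(SAMPLE_AUDIT_LOG)))
```

The entry without a closing Z boundary is skipped, so a log file that is still being written does not yield a half-populated alert.
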
From: Vérène H. <ver...@re...> - 2015-03-04 17:07:54
Hello,

We are interested in implementing the IDMEF format in modsecurity. For those
of you who don't know it yet, IDMEF is a data format defined in the RFC 4765.
That would mean adding an option to avoid regular log and, instead, directly
send IDMEF alerts to a prelude manager. We are working on this project in the
context of our student's project.

Is it adequate to add a new module? Do you have any idea/advice/suggestion as
to where we can fetch the information? Or do you have some complementary
documentation about how the code is organized?

Thank you very much in advance!

Vérène

From: Derek W. <the...@gm...> - 2015-02-25 22:45:48
|
I prefer to run my apache virtualhost sites with AllowOverride none. But while running drupal you need those .htaccess file contents. To get those contents at Apache startup for each vhost config.

<VirtualHost *:80>
..
..
  <Directory /var/www/dev-web01>
    AllowOverride none
    Include /var/www/dev-web01/.htaccess
  </Directory>
  <Directory /var/www/dev-web01/sites/default/files>
    Include /var/www/dev-web01/sites/default/files/.htaccess
  </Directory>
</VirtualHost>

Problem is that these paths /var/www/ etc.. are relative to the chroot root. But Apache doesn't read those files relative to the chroot. Apache at startup is looking at /opt/chroot/var/www ....

Is there a better way to do this? I realize that including a file from user space is not a good idea either.

Cheers
Derek |
From: Fayyaz, M. <muh...@ba...> - 2015-02-23 11:56:37
|
Guys,

I have got two questions, if anyone can shed some light:

- Apart from the documentation of the Core Rule Set, included as part of each rule code file, is there any other documentation resource one can suggest, which should explain the rules in more detail? Example: https://www.owasp.org/index.php/ModSecurity_CRS_RuleID-960911
- What approach should one follow to decide the number of rules, from the OWASP Core Rule Set, that should be considered as mandatory rules in respect of QA for a web application?

Your help will be much appreciated.

Regards
Muhammad Fayyaz
Engineer
BAE Systems Applied Intelligence
BAE Systems Applied Intelligence, Surrey Research Park, Guildford, Surrey, GU2 7RQ.
www.baesystems.com/ai <http://www.baesystems.com/ai> |
From: Bruno de A. <br...@sa...> - 2015-02-19 12:31:50
|
If you have less than 500MB worth of logs per day, you could use the free version of splunk and install the ModSecurity app.
https://apps.splunk.com/app/880/

Bruno

You could try WAF-FLE
https://github.com/klaubert/waf-fle

Regards,
Marcus Semblano

_______________________________________________
mod-security-developers mailing list
mod...@li...
https://lists.sourceforge.net/lists/listinfo/mod-security-developers
ModSecurity Services from Trustwave's SpiderLabs:
https://www.trustwave.com/spiderLabs.php |
From: Marcus S. <mar...@lo...> - 2015-02-19 11:46:10
|
You could try WAF-FLE
https://github.com/klaubert/waf-fle

Regards,
Marcus Semblano |
From: Fayyaz, M. <muh...@ba...> - 2015-02-19 10:07:04
|
Guys,

I have tried an AuditViewer by https://www.jwall.org/web/audit/viewer.jsp but unfortunately I found this application with lots of bugs, simply unable to load my audit logs into that viewer.

Can anyone suggest any specific version of the AuditViewer which surely works, OR is there any other free viewer available as an alternative?

Regards
Muhammad |
From: Christian F. <chr...@ti...> - 2015-02-16 13:32:02
|
Hi there,

Apache 2.4 brings the ability to reformat the ErrorLog. However, many options do not work with ModSecurity, as the wrong library call is used.

I have submitted a tiny patch to move from "ap_log_error" to "ap_log_rerror", the more appropriate, request-specific library call, which transmits the full request record, so Apache can extract useful information.

https://github.com/SpiderLabs/ModSecurity/pull/840

Please take a look.

Christian |
From: Athmane M. <ath...@gm...> - 2015-02-13 21:31:02
|
Hi,

As you may know, mod_security packages on RHEL/CentOS 6 and 7 are slightly old (or stable if you like), so I have set up a repo [1] that tracks Fedora rawhide (aka devel) packages which are more up-to-date (currently 2.9.0). I usually update it after pushing the packages to Rawhide.

[1] https://copr.fedoraproject.org/coprs/athmane/mod_security/

Best regards
--
Athmane |