mod-security-developers Mailing List for ModSecurity (Page 17)
Brought to you by:
victorhora,
zimmerletw
Menu
▾
▴
mod-security-developers — Development discussion about mod_security
You can subscribe to this list here.
| 2006 |
Jan
(1) |
Feb
|
Mar
|
Apr
|
May
|
Jun
|
Jul
(8) |
Aug
(2) |
Sep
(1) |
Oct
|
Nov
(1) |
Dec
|
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 2008 |
Jan
|
Feb
|
Mar
|
Apr
|
May
|
Jun
(1) |
Jul
|
Aug
|
Sep
|
Oct
|
Nov
|
Dec
|
| 2009 |
Jan
(1) |
Feb
|
Mar
|
Apr
|
May
|
Jun
|
Jul
|
Aug
(9) |
Sep
|
Oct
(1) |
Nov
|
Dec
(3) |
| 2010 |
Jan
|
Feb
|
Mar
|
Apr
|
May
|
Jun
|
Jul
(2) |
Aug
|
Sep
|
Oct
|
Nov
|
Dec
|
| 2011 |
Jan
|
Feb
(12) |
Mar
(42) |
Apr
(68) |
May
(30) |
Jun
(50) |
Jul
(17) |
Aug
(3) |
Sep
(5) |
Oct
(7) |
Nov
(3) |
Dec
(4) |
| 2012 |
Jan
(11) |
Feb
(11) |
Mar
(37) |
Apr
|
May
(21) |
Jun
(21) |
Jul
(12) |
Aug
(41) |
Sep
(19) |
Oct
(31) |
Nov
(24) |
Dec
(10) |
| 2013 |
Jan
(12) |
Feb
(18) |
Mar
(3) |
Apr
(8) |
May
(35) |
Jun
(5) |
Jul
(38) |
Aug
(5) |
Sep
(2) |
Oct
(4) |
Nov
(11) |
Dec
(6) |
| 2014 |
Jan
(3) |
Feb
(12) |
Mar
(11) |
Apr
(18) |
May
(2) |
Jun
(1) |
Jul
(11) |
Aug
(5) |
Sep
|
Oct
(15) |
Nov
(13) |
Dec
(9) |
| 2015 |
Jan
(2) |
Feb
(8) |
Mar
(7) |
Apr
(3) |
May
|
Jun
(1) |
Jul
(1) |
Aug
(1) |
Sep
(11) |
Oct
(14) |
Nov
(4) |
Dec
(1) |
| 2016 |
Jan
(11) |
Feb
(19) |
Mar
(20) |
Apr
(6) |
May
(3) |
Jun
(17) |
Jul
(5) |
Aug
|
Sep
(7) |
Oct
(2) |
Nov
(2) |
Dec
(12) |
| 2017 |
Jan
(4) |
Feb
(1) |
Mar
(1) |
Apr
|
May
|
Jun
|
Jul
(1) |
Aug
|
Sep
(3) |
Oct
(1) |
Nov
|
Dec
(15) |
| 2018 |
Jan
(13) |
Feb
(2) |
Mar
(14) |
Apr
(9) |
May
|
Jun
(6) |
Jul
(3) |
Aug
(1) |
Sep
(3) |
Oct
|
Nov
(13) |
Dec
(1) |
| 2019 |
Jan
(2) |
Feb
(9) |
Mar
(28) |
Apr
(4) |
May
(2) |
Jun
|
Jul
|
Aug
|
Sep
(4) |
Oct
|
Nov
|
Dec
(2) |
| 2020 |
Jan
(1) |
Feb
|
Mar
|
Apr
|
May
|
Jun
|
Jul
|
Aug
|
Sep
(1) |
Oct
|
Nov
|
Dec
|
| 2021 |
Jan
|
Feb
|
Mar
|
Apr
|
May
|
Jun
(2) |
Jul
(3) |
Aug
|
Sep
(4) |
Oct
|
Nov
|
Dec
|
| 2022 |
Jan
|
Feb
(10) |
Mar
(3) |
Apr
|
May
|
Jun
|
Jul
|
Aug
|
Sep
|
Oct
|
Nov
|
Dec
|
| 2024 |
Jan
(1) |
Feb
|
Mar
|
Apr
|
May
|
Jun
|
Jul
(4) |
Aug
|
Sep
|
Oct
|
Nov
|
Dec
|
|
From: Derek W. <the...@gm...> - 2014-04-02 12:32:37
|
I've given up on nginx and modsecurity. Not because I don't think it works but because nginx is not a good forward proxy. I'm now working to get the cross compile to work for the modsecurity and apache. I'm using the latest rc 2.8.0 and am getting a compile error, not sure if its due to tool chain issues or an issue with the code. I've downloaded the code from git. https://github.com/SpiderLabs/ModSecurity/releases/download/v2.8.0-rc1/ msc_status_engine.c: In function 'msc_status_engine_machine_name': msc_status_engine.c:137:26: error: storage size of 'u' isn't known static struct utsname u; ^ make[5]: *** [mod_security2_la-msc_status_engine.lo] Error 1 Thanks Derek On Sat, Feb 22, 2014 at 8:51 PM, Derek Werthmuller <the...@gm...>wrote: > Working on setting modsecurity with nginx in a forward proxy configuration > on a raspberry pi. > I've got modsecurity building ok it seems. Have nginx building with out > modsecurity ok. But nginx will not link properly with modsecurity. > > nginx 1.5.10 > apache 2.2.26 > modsecurity 2.7.7 > > Getting lots of messages like > modsecurity-apache_2.7.7/nginx/modsecurity/apr_bucket_nginx.c:67: undefined > reference to `apr_bucket_free' > > nginx doesn't have a with-apr section in its configure script, so I figure > this is referring to modsecurity's use of apr. > > Also seems to be having trouble finding the libxml2 libraries. > Bunch of these messages too. > ../modsecurity-apache_2.7.7/nginx/modsecurity/../../standalone/.libs/standalone.a(standalone_la-msc_crypt.o): > In function `hash_response_body_links': > msc_crypt.c:(.text+0x17ec): undefined reference to `xmlXPathNewContext' > msc_crypt.c:(.text+0x184c): undefined reference to `xmlXPathEvalExpression' > > Any guidance on getting this compiled correctly? > Cheers > > |
|
From: Felipe C. <FC...@tr...> - 2014-04-01 03:16:45
|
Hi, It is a pleasure to announce that ModSecurity version 2.8.0-RC1 is now ready! This release candidate contains new features, bug fixes and improvements. The new features are: * JSON Parser is no longer under tests. Now it is part of our mainline. * Connection limits (SecConnReadStateLimit/SecConnWriteStateLimit) now support white and suspicious list. * New variables: FULL_REQUEST and FULL_REQUEST_LENGTH were added, allowing the rules to access the full content of a request. * ModSecurity status is now part of our mainline. * New operator: @detectXSS was added. It makes usage of the newest libinjection XSS detection functionality. * Append and prepend are now supported on nginx (Ref: #635<https://github.com/SpiderLabs/ModSecurity/issues/635>). * SecServerSignature is now available on nginx (Ref: #637<https://github.com/SpiderLabs/ModSecurity/issues/637>). Check out the full list of changes straight from GitHub: https://github.com/SpiderLabs/ModSecurity/releases/tag/v2.8.0-rc1 Besides the listed changes we are also modifying the name of our release tarball. We were labeling our release by: "modsecurity-apache_X.Y.Z.tar.gz", since we started to support Nginx, this name became outdated. Now we are labeling it as "modsecurity-X.Y.Z.tar.gz". For those who are automagically generating packages, it won't be a problem, the old naming policy will be preserved on the modsecurity.org<http://modsecurity.org> server. As in the last release, this will be stored in two different servers: modsecurity.org<http://modsecurity.org> and GitHub. Hashes will be provided for the tarball integrity verification. The release tags are also GPG-Signed. Br., Felipe "Zimmerle" Costa Security Researcher, SpiderLabs Trustwave | SMART SECURITY ON DEMAND www.trustwave.com<http://www.trustwave.com/> ________________________________ This transmission may contain information that is privileged, confidential, and/or exempt from disclosure under applicable law. If you are not the intended recipient, you are hereby notified that any disclosure, copying, distribution, or use of the information contained herein (including any reliance thereon) is strictly prohibited. If you received this transmission in error, please immediately contact the sender and destroy the material in its entirety, whether in electronic or hard copy format. |
|
From: Anoop S. <ano...@gm...> - 2014-03-30 16:06:36
|
Hi, I was checking out the MULTIPART_FILENAME keyword out and I noticed that if we have multiple files being uploaded, the MULTIPART_FILENAME would hold the filename for the last part/filename from the post payload. Is the above implementation to hold only the last filename intentional or is it a bug? -- ------------------------------- Anoop Saldanha http://www.poona.me ------------------------------- |
|
From: Mahesh A. <ma...@le...> - 2014-03-26 10:20:08
|
Hi We are using apache server with JBOSS. We have three Java web application having their own JBOSS server. However, Apache is same. I would like to know how can I apply the modsecurity only for one application? I know my question is bit vague but can provide more information if required. |
|
From: Felipe C. <FC...@tr...> - 2014-03-20 18:25:59
|
Hi Bruno, Thanks for the detailed debugging information. I have just made some modifications on the code in order to fix the problem. The branch json_top_of_2_7_7 no longer exists, I would like to ask you to test the branch json instead: https://github.com/SpiderLabs/ModSecurity/tree/json This new branch does not only contains this specific bugfix but it is up-to-date with our master branch. Thanks, Felipe "Zimmerle" Costa Security Researcher, SpiderLabs Trustwave | SMART SECURITY ON DEMAND www.trustwave.com<http://www.trustwave.com/> On Feb 13, 2014, at 8:07 AM, Bruno Savioli <br...@sa...<mailto:br...@sa...>> wrote: Hi Felipe, Thanks for the instructions. Here's the output of 'bt full', hope it helps. Program received signal SIGSEGV, Segmentation fault. __strcmp_sse2 () at ../sysdeps/x86_64/strcmp.S:213 213 movlpd (%rdi), %xmm1 Missing separate debuginfos, use: debuginfo-install cyrus-sasl-lib-2.1.23-13.el6_3.1.x86_64 db4-4.7.25-18.el6_4.x86_64 expat-2.0.1-11.el6_2.x86_64 keyutils-libs-1.4-4.el6.x86_64 krb5-libs-1.10.3-10.el6_4.6.x86_64 libcom_err-1.41.12-18.el6.x86_64 libselinux-2.0.94-5.3.el6_4.1.x86_64 libuuid-2.17.2-12.14.el6.x86_64 libxml2-2.7.6-14.el6.x86_64 lua-5.1.4-4.1.el6.x86_64 nspr-4.10.2-1.el6_5.x86_64 nss-3.15.3-3.el6_5.x86_64 nss-softokn-freebl-3.14.3-9.el6.x86_64 nss-util-3.15.3-1.el6_5.x86_64 openldap-2.4.23-32.el6_4.1.x86_64 openssl-1.0.1e-16.el6_5.4.x86_64 pcre-7.8-6.el6.x86_64 zlib-1.2.3-29.el6.x86_64 (gdb) (gdb) bt full #0 __strcmp_sse2 () at ../sysdeps/x86_64/strcmp.S:213 No locals. #1 0x00007ffff2b81f7c in sec_audit_logger (msr=0x7ffff8d1da80) at msc_logging.c:699 arg = 0x7ffff8d47fa8 sorted_args = 0x7ffff8d5ba68 nextarg = 0x0 tarr = 0x7ffff8d39640 telts = 0x7ffff8d39768 offset = 0 last_offset = 0 sanitize = 0 my_error_msg = 0x0 arr = 0x7ffff8d48250 te = 0x7ffff8d48378 tarr_pattern = 0x7ffff8d33b68 telts_pattern = 0x7ffff8d33c90 str1 = 0x0 str2 = 0x0 text = 0x7ffff8d5ba50 "Content-Length: 133\n" rule = 0x0 next_rule = 0x0 nbytes = 0 nbytes_written = 140737368015808 md5hash = "\000\000\000\000\000\000\000\000\330\301\323\370\377\177\000" was_limited = 0 present = 0 wrote_response_body = 0 entry_filename = 0xf8d3ba88 <Address 0xf8d3ba88 out of bounds> entry_basename = 0x7fffffffdc90 "h\272\325\370\377\177" rc = 0 i = 0 limit = -132113904 k = 32767 sanitized_partial = 0 j = 32767 buf = 0x0 pat = 0x0 mparm = 0x0 arg_min = 32767 arg_max = -120464768 sanitize_matched = 0 #2 0x00007ffff2b79225 in modsecurity_process_phase_logging (msr=0x7ffff8d1da80) at modsecurity.c:695 time_before = 1392288967111028 time_after = 1392288967111070 #3 0x00007ffff2b794b5 in modsecurity_process_phase (msr=0x7ffff8d1da80, phase=5) at modsecurity.c:801 No locals. #4 0x00007ffff2b77190 in hook_log_transaction (r=0x7ffff8d1c1f8) at mod_security2.c:1217 arr = 0x7ffff8d5e0a0 origr = 0x7ffff8d1c1f8 ---Type <return> to continue, or q <return> to quit--- msr = 0x7ffff8d1da80 #5 0x00007ffff7fc8600 in ap_run_log_transaction (r=0x7ffff8d1c1f8) at /usr/src/debug/httpd-2.2.15/server/protocol.c:1705 pHook = <value optimized out> n = <value optimized out> rv = <value optimized out> #6 0x00007ffff7fe5a7f in ap_process_request (r=0x7ffff8d1c1f8) at /usr/src/debug/httpd-2.2.15/modules/http/http_request.c:308 access_status = <value optimized out> #7 0x00007ffff7fe29a8 in ap_process_http_connection (c=0x7ffff8cadcf8) at /usr/src/debug/httpd-2.2.15/modules/http/http_core.c:190 r = 0x7ffff8d1c1f8 csd = 0x0 #8 0x00007ffff7fde6b8 in ap_run_process_connection (c=0x7ffff8cadcf8) at /usr/src/debug/httpd-2.2.15/server/connection.c:43 pHook = <value optimized out> n = <value optimized out> rv = <value optimized out> #9 0x00007ffff7fea977 in child_main (child_num_arg=<value optimized out>) at /usr/src/debug/httpd-2.2.15/server/mpm/prefork/prefork.c:667 current_conn = <value optimized out> csd = 0x7ffff8cadb08 ptrans = 0x7ffff8cada88 allocator = 0x7ffff8cab980 status = <value optimized out> i = <value optimized out> lr = <value optimized out> pollset = 0x7ffff8cabc20 sbh = 0x7ffff8cabc18 bucket_alloc = 0x7ffff8d14148 last_poll_idx = 1 #10 0x00007ffff7feac46 in make_child (s=0x7ffff8212880, slot=0) at /usr/src/debug/httpd-2.2.15/server/mpm/prefork/prefork.c:707 pid = <value optimized out> #11 0x00007ffff7feb293 in ap_mpm_run (_pconf=<value optimized out>, plog=<value optimized out>, s=<value optimized out>) at /usr/src/debug/httpd-2.2.15/server/mpm/prefork/prefork.c:983 index = <value optimized out> remaining_children_to_start = <value optimized out> rv = <value optimized out> #12 0x00007ffff7fc2900 in main (argc=4, argv=0x7fffffffe338) at /usr/src/debug/httpd-2.2.15/server/main.c:760 c = 102 'f' configtestonly = <value optimized out> confname = 0x7fffffffe5c2 "/etc/httpd/conf/httpd.conf" def_server_root = 0x7ffff7fed1f3 "/etc/httpd" temp_error_log = 0x0 error = <value optimized out> process = 0x7ffff8212880 server_conf = 0x7ffff8212880 pglobal = 0x7ffff8209148 pconf = 0x7ffff820b158 plog = 0x7ffff823d2e8 ptemp = 0x7ffff820f178 pcommands = 0x7ffff820d168 opt = 0x7ffff820d260 rv = <value optimized out> mod = <value optimized out> ---Type <return> to continue, or q <return> to quit--- optarg = 0x7fffffffe5c2 "/etc/httpd/conf/httpd.conf" signal_server = <value optimized out> On 13 February 2014 03:25, Felipe Costa <FC...@tr...<mailto:FC...@tr...>> wrote: Hi Bruno, Thank you for the report. Do you mind to generate more information using GDB? I've just create a guide on how to use GDB to help in the bug reporting process, it is available under our wiki: https://github.com/SpiderLabs/ModSecurity/wiki/Debugging-ModSecurity Thanks, Felipe "Zimmerle" Costa Security Researcher, SpiderLabs Trustwave | SMART SECURITY ON DEMAND www.trustwave.com<http://www.trustwave.com/> On Feb 12, 2014, at 9:23 AM, Bruno Savioli de Almeida <br...@sa...<mailto:br...@sa...>> wrote: Hi, I'm testing the JSON patches from the json_top_of_2_7_7 branch and I'm getting what appears to be random segfaults. I say random because I haven't managed to identify any patterns on the type of requests that segfaults. Test environment: Centos 6.5 x86_64 httpd-2.2.15-29.el6.centos.x86_64 mod_security compiled with yajl-2.0.5 I'm running mod_security in DETECTION_ONLY mode, with the owasp crs and JSON requestBodyProcessor enabled When the request segfaults, the audit log only records parts A and B: To avoid making this email too long, logs are here: http://pastebin.com/MnehgvJw Let me know if I can help with any more information. Thanks, -- - Bruno ------------------------------------------------------------------------------ Android apps run on BlackBerry 10 Introducing the new BlackBerry 10.2.1 Runtime for Android apps. Now with support for Jelly Bean, Bluetooth, Mapview and more. Get your Android app in front of a whole new audience. Start now. http://pubads.g.doubleclick.net/gampad/clk?id=124407151&iu=/4140/ostg.clktrk_______________________________________________ mod-security-developers mailing list mod...@li...<mailto:mod...@li...> https://lists.sourceforge.net/lists/listinfo/mod-security-developers ModSecurity Services from Trustwave's SpiderLabs: https://www.trustwave.com/spiderLabs.php ________________________________ This transmission may contain information that is privileged, confidential, and/or exempt from disclosure under applicable law. If you are not the intended recipient, you are hereby notified that any disclosure, copying, distribution, or use of the information contained herein (including any reliance thereon) is strictly prohibited. If you received this transmission in error, please immediately contact the sender and destroy the material in its entirety, whether in electronic or hard copy format. ------------------------------------------------------------------------------ Android apps run on BlackBerry 10 Introducing the new BlackBerry 10.2.1 Runtime for Android apps. Now with support for Jelly Bean, Bluetooth, Mapview and more. Get your Android app in front of a whole new audience. Start now. http://pubads.g.doubleclick.net/gampad/clk?id=124407151&iu=/4140/ostg.clktrk _______________________________________________ mod-security-developers mailing list mod...@li...<mailto:mod...@li...> https://lists.sourceforge.net/lists/listinfo/mod-security-developers ModSecurity Services from Trustwave's SpiderLabs: https://www.trustwave.com/spiderLabs.php -- - Bruno ------------------------------------------------------------------------------ Android apps run on BlackBerry 10 Introducing the new BlackBerry 10.2.1 Runtime for Android apps. Now with support for Jelly Bean, Bluetooth, Mapview and more. Get your Android app in front of a whole new audience. Start now. http://pubads.g.doubleclick.net/gampad/clk?id=124407151&iu=/4140/ostg.clktrk_______________________________________________ mod-security-developers mailing list mod...@li... https://lists.sourceforge.net/lists/listinfo/mod-security-developers ModSecurity Services from Trustwave's SpiderLabs: https://www.trustwave.com/spiderLabs.php ________________________________ This transmission may contain information that is privileged, confidential, and/or exempt from disclosure under applicable law. If you are not the intended recipient, you are hereby notified that any disclosure, copying, distribution, or use of the information contained herein (including any reliance thereon) is strictly prohibited. If you received this transmission in error, please immediately contact the sender and destroy the material in its entirety, whether in electronic or hard copy format. |
|
From: Ryan B. <RBa...@tr...> - 2014-03-20 13:14:23
|
Sending this out one last time as time is running out for Student Submissions - http://blog.spiderlabs.com/2014/03/google-summer-of-code-gsoc-owasp-modsecurity-awesome.html Ryan Barnett Lead Security Researcher, SpiderLabs Trustwave | SMART SECURITY ON DEMAND www.trustwave.com<http://www.trustwave.com/> From: Ryan Barnett <rba...@tr...<mailto:rba...@tr...>> Date: Saturday, March 15, 2014 6:21 PM To: "mod...@li...<mailto:mod...@li...>" <mod...@li...<mailto:mod...@li...>>, "<mod...@li...<mailto:mod...@li...>>" <mod...@li...<mailto:mod...@li...>> Subject: Google Summer of Code 2014 FYI we are participating again int the Google Summer of Code (GSOC) program through OWASP. Last year - we had a student develop the ModSecurity for Java version - http://blog.spiderlabs.com/2013/09/modsecurity-for-java-beta-testers-needed.html Here are some project ideas - https://www.owasp.org/index.php/GSoC2014_Ideas#OWASP_ModSecurity_Core_Rule_Set_.28CRS.29 If you know of any students who might be interested in participating please refer them here to register - https://www.google-melange.com/gsoc/homepage/google/gsoc2014 Ryan Barnett Lead Security Researcher, SpiderLabs Trustwave | SMART SECURITY ON DEMAND www.trustwave.com<http://www.trustwave.com/> ________________________________ This transmission may contain information that is privileged, confidential, and/or exempt from disclosure under applicable law. If you are not the intended recipient, you are hereby notified that any disclosure, copying, distribution, or use of the information contained herein (including any reliance thereon) is strictly prohibited. If you received this transmission in error, please immediately contact the sender and destroy the material in its entirety, whether in electronic or hard copy format. |
|
From: Ryan B. <RBa...@tr...> - 2014-03-15 22:21:19
|
FYI we are participating again int the Google Summer of Code (GSOC) program through OWASP. Last year - we had a student develop the ModSecurity for Java version - http://blog.spiderlabs.com/2013/09/modsecurity-for-java-beta-testers-needed.html Here are some project ideas - https://www.owasp.org/index.php/GSoC2014_Ideas#OWASP_ModSecurity_Core_Rule_Set_.28CRS.29 If you know of any students who might be interested in participating please refer them here to register - https://www.google-melange.com/gsoc/homepage/google/gsoc2014 Ryan Barnett Lead Security Researcher, SpiderLabs Trustwave | SMART SECURITY ON DEMAND www.trustwave.com<http://www.trustwave.com/> ________________________________ This transmission may contain information that is privileged, confidential, and/or exempt from disclosure under applicable law. If you are not the intended recipient, you are hereby notified that any disclosure, copying, distribution, or use of the information contained herein (including any reliance thereon) is strictly prohibited. If you received this transmission in error, please immediately contact the sender and destroy the material in its entirety, whether in electronic or hard copy format. |
|
From: Ulisses M. <uli...@gm...> - 2014-03-14 13:15:02
|
This question would probably be a better fit for the mod-security users mailing list: https://lists.sourceforge.net/lists/listinfo/mod-security-users Nevertheless -- you should probably look for the latest version of the OWASP CRS project: https://www.owasp.org/index.php/Category:OWASP_ModSecurity_Core_Rule_Set_Project []'s On Fri, Mar 14, 2014 at 8:50 AM, Imre Csaba <imi...@gm...> wrote: > Greetings. > > My mod-security version is 2.5.12. My question is, where can i download a > newest rules for this version? > > Thanks. Have a nice day :) > > > ------------------------------------------------------------------------------ > Learn Graph Databases - Download FREE O'Reilly Book > "Graph Databases" is the definitive new guide to graph databases and their > applications. Written by three acclaimed leaders in the field, > this first edition is now available. Download your free book today! > http://p.sf.net/sfu/13534_NeoTech > _______________________________________________ > mod-security-developers mailing list > mod...@li... > https://lists.sourceforge.net/lists/listinfo/mod-security-developers > ModSecurity Services from Trustwave's SpiderLabs: > https://www.trustwave.com/spiderLabs.php > -- “If debugging is the process of removing software bugs, then programming must be the process of putting them in.” - *Edsger Dijkstra* |
|
From: Imre C. <imi...@gm...> - 2014-03-14 11:51:21
|
Greetings. My mod-security version is 2.5.12. My question is, where can i download a newest rules for this version? Thanks. Have a nice day :) |
|
From: Derek W. <the...@gm...> - 2014-03-02 23:46:41
|
Felipe, How did you get around cross compiling with-apxs=/usr/sbin/apxs ? When the apxs config wants to start httpd? But httpd can't run on the i686 arch when the binary is for arm? Can the build host use its own i686 httpd binary in the case? Cheers Derek On Sat, Mar 1, 2014 at 12:51 PM, Derek & Vicky <the...@gm...>wrote: > > Felipe, > I don't plan on packaging ModSecurity on its own, but more like a library > so that nginx can pull it it when built. I think it would be nice to add > it as a build option for the default nginx install/build for some > platforms. I don't think all the platforms that run nginx will have the > resources to take advantage of modsecurity too. > > BTW - I'll have to figure out a method to get the relevant rule sets. > CRS? like freshcalm is for calmav. Any recommendations on that front? > Thanks > Derek > > > > > On 02/28/2014 09:13 PM, Felipe Costa wrote: > > Hi Derek, > > I am happy that you managed to get it working. > > ModSecurity running on OpenWRT is something cool. Are you planning to > pack it into an "ipk"? It will be nice to install ModSecurity using "opkg" > ;) > > Contributions are very welcome. Once you have the changes ready to go, > just place a merge request using Github. If you need to discuss something > just use this thread ;) > > Thanks, > *Felipe "Zimmerle" Costa* > Security Researcher, SpiderLabs > > *Trustwave* | SMART SECURITY ON DEMAND > www.trustwave.com > > On Feb 28, 2014, at 10:22 PM, Derek & Vicky <the...@gm...> > wrote: > > Thanks for the diagnostics. ld shows that the linker is not finding > libraries properly as you suspected. This is the openwr t platform. Looks > to use gcc. The Issue I'm having I believe really has to do with the make > file creation. > It suggests using rpath or rpath-link so I'm working to properly integrate > them into the Makefile. > > I'll report progress when get this working. > Cheers > Derek > > > On 02/24/2014 11:53 AM, Felipe Costa wrote: > > Hi Derek, > > ARM won't be a problem. We do have ModSecurity/ARM _compiled_ and > _tested_ through our build farm. Here you can access the logs: > > > http://www.modsecurity.org/developers/buildbot/builders/LinuxARM%20-%20Nginx > > http://www.modsecurity.org/developers/buildbot/builders/LinuxARM%20-%20Apache > > We are using a Beagle Bone Black to compile and to test it. It is > running Ubuntu linux with RobertCNelson's kernel. > > I believe that you are facing a problem with your cross compiling > environment. Can you share more details about your host system? > How you are trying to make this cross-compilation? Do you have Scratchbox? > OpenEmbeeded? are you using Linaro's gcc? > > So far, I can tell you that the "config" script, which will be later > used by Nginx, is generated while you got ModSecurity configured as > standalone module. It is done that way to reflect on the Nginx > configuration the very same options that you have used in ModSecurity > compilation. If your cross compiling is replacing the CFLAGS/LDFLAGS with > something else, you probably is losing the right paths to the cross > compiled dependencies. Check if it is replacing the cflags. You can have a > look at: > > $ cat /your/path/to/ModSecurity/nginx/modsecurity/config > > This file should contain the right paths to the cross compiled > dependencies. Also check if, while compiling Nginx, this paths are being > used by gcc. > > Other thing that you can do, is to check which libraries ModSecurity > standalone so file is linked to, just to confirm that it is linked to the > right dependencies (which should reflect your target compilation platform). > > Br., > *Felipe "Zimmerle" Costa* > Security Researcher, SpiderLabs > > *Trustwave* | SMART SECURITY ON DEMAND > www.trustwave.com > > > > > On Feb 22, 2014, at 10:51 PM, Derek Werthmuller <the...@gm...> > wrote: > > Working on setting modsecurity with nginx in a forward proxy > configuration on a raspberry pi. > I've got modsecurity building ok it seems. Have nginx building with out > modsecurity ok. But nginx will not link properly with modsecurity. > > nginx 1.5.10 > apache 2.2.26 > modsecurity 2.7.7 > > Getting lots of messages like > modsecurity-apache_2.7.7/nginx/modsecurity/apr_bucket_nginx.c:67: undefined > reference to `apr_bucket_free' > > nginx doesn't have a with-apr section in its configure script, so I > figure this is referring to modsecurity's use of apr. > > Also seems to be having trouble finding the libxml2 libraries. > Bunch of these messages too. > ../modsecurity-apache_2.7.7/nginx/modsecurity/../../standalone/.libs/standalone.a(standalone_la-msc_crypt.o): > In function `hash_response_body_links': > msc_crypt.c:(.text+0x17ec): undefined reference to `xmlXPathNewContext' > msc_crypt.c:(.text+0x184c): undefined reference to `xmlXPathEvalExpression' > > Any guidance on getting this compiled correctly? > Cheers > > ------------------------------------------------------------------------------ > Managing the Performance of Cloud-Based Applications > Take advantage of what the Cloud has to offer - Avoid Common Pitfalls. > Read the Whitepaper. > > http://pubads.g.doubleclick.net/gampad/clk?id=121054471&iu=/4140/ostg.clktrk_______________________________________________ > mod-security-developers mailing list > mod...@li... > https://lists.sourceforge.net/lists/listinfo/mod-security-developers > ModSecurity Services from Trustwave's SpiderLabs: > https://www.trustwave.com/spiderLabs.php > > > > ------------------------------ > > This transmission may contain information that is privileged, > confidential, and/or exempt from disclosure under applicable law. If you > are not the intended recipient, you are hereby notified that any > disclosure, copying, distribution, or use of the information contained > herein (including any reliance thereon) is strictly prohibited. If you > received this transmission in error, please immediately contact the sender > and destroy the material in its entirety, whether in electronic or hard > copy format. > > > ------------------------------------------------------------------------------ > Flow-based real-time traffic analytics software. Cisco certified tool. > Monitor traffic, SLAs, QoS, Medianet, WAAS etc. with NetFlow Analyzer > Customize your own dashboards, set traffic alerts and generate reports. > Network behavioral analysis & security monitoring. All-in-one tool.http://pubads.g.doubleclick.net/gampad/clk?id=126839071&iu=/4140/ostg.clktrk > > > > _______________________________________________ > mod-security-developers mailing lis...@li...https://lists.sourceforge.net/lists/listinfo/mod-security-developers > ModSecurity Services from Trustwave's SpiderLabs:https://www.trustwave.com/spiderLabs.php > > > ------------------------------------------------------------------------------ > Flow-based real-time traffic analytics software. Cisco certified tool. > Monitor traffic, SLAs, QoS, Medianet, WAAS etc. with NetFlow Analyzer > Customize your own dashboards, set traffic alerts and generate reports. > Network behavioral analysis & security monitoring. All-in-one tool. > > http://pubads.g.doubleclick.net/gampad/clk?id=126839071&iu=/4140/ostg.clktrk_______________________________________________ > mod-security-developers mailing list > mod...@li... > https://lists.sourceforge.net/lists/listinfo/mod-security-developers > ModSecurity Services from Trustwave's SpiderLabs: > https://www.trustwave.com/spiderLabs.php > > > > ------------------------------ > > This transmission may contain information that is privileged, > confidential, and/or exempt from disclosure under applicable law. If you > are not the intended recipient, you are hereby notified that any > disclosure, copying, distribution, or use of the information contained > herein (including any reliance thereon) is strictly prohibited. If you > received this transmission in error, please immediately contact the sender > and destroy the material in its entirety, whether in electronic or hard > copy format. > > > ------------------------------------------------------------------------------ > Flow-based real-time traffic analytics software. Cisco certified tool. > Monitor traffic, SLAs, QoS, Medianet, WAAS etc. with NetFlow Analyzer > Customize your own dashboards, set traffic alerts and generate reports. > Network behavioral analysis & security monitoring. All-in-one tool.http://pubads.g.doubleclick.net/gampad/clk?id=126839071&iu=/4140/ostg.clktrk > > > > _______________________________________________ > mod-security-developers mailing lis...@li...https://lists.sourceforge.net/lists/listinfo/mod-security-developers > ModSecurity Services from Trustwave's SpiderLabs:https://www.trustwave.com/spiderLabs.php > > > |
|
From: Derek & V. <the...@gm...> - 2014-03-01 17:51:51
|
Felipe,
I don't plan on packaging ModSecurity on its own, but more like a
library so that nginx can pull it it when built. I think it would be
nice to add it as a build option for the default nginx install/build for
some platforms. I don't think all the platforms that run nginx will
have the resources to take advantage of modsecurity too.
BTW - I'll have to figure out a method to get the relevant rule sets.
CRS? like freshcalm is for calmav. Any recommendations on that front?
Thanks
Derek
On 02/28/2014 09:13 PM, Felipe Costa wrote:
> Hi Derek,
>
> I am happy that you managed to get it working.
>
> ModSecurity running on OpenWRT is something cool. Are you planning to
> pack it into an "ipk"? It will be nice to install ModSecurity using
> "opkg" ;)
>
> Contributions are very welcome. Once you have the changes ready to go,
> just place a merge request using Github. If you need to discuss
> something just use this thread ;)
>
> Thanks,
> *Felipe "Zimmerle" Costa*
> Security Researcher, SpiderLabs
>
> *Trustwave* | SMART SECURITY ON DEMAND
> www.trustwave.com <http://www.trustwave.com/>
>
> On Feb 28, 2014, at 10:22 PM, Derek & Vicky <the...@gm...
> <mailto:the...@gm...>>
> wrote:
>
>> Thanks for the diagnostics. ld shows that the linker is not finding
>> libraries properly as you suspected. This is the openwr t platform.
>> Looks to use gcc. The Issue I'm having I believe really has to do
>> with the make file creation.
>> It suggests using rpath or rpath-link so I'm working to properly
>> integrate them into the Makefile.
>>
>> I'll report progress when get this working.
>> Cheers
>> Derek
>>
>>
>> On 02/24/2014 11:53 AM, Felipe Costa wrote:
>>> Hi Derek,
>>>
>>> ARM won't be a problem. We do have ModSecurity/ARM _compiled_ and
>>> _tested_ through our build farm. Here you can access the logs:
>>>
>>> http://www.modsecurity.org/developers/buildbot/builders/LinuxARM%20-%20Nginx
>>> http://www.modsecurity.org/developers/buildbot/builders/LinuxARM%20-%20Apache
>>>
>>> We are using a Beagle Bone Black to compile and to test it. It is
>>> running Ubuntu linux with RobertCNelson's kernel.
>>>
>>> I believe that you are facing a problem with your cross compiling
>>> environment. Can you share more details about your host system?
>>> How you are trying to make this cross-compilation? Do you have
>>> Scratchbox? OpenEmbeeded? are you using Linaro's gcc?
>>>
>>> So far, I can tell you that the "config" script, which will be later
>>> used by Nginx, is generated while you got ModSecurity configured as
>>> standalone module. It is done that way to reflect on the Nginx
>>> configuration the very same options that you have used in
>>> ModSecurity compilation. If your cross compiling is replacing the
>>> CFLAGS/LDFLAGS with something else, you probably is losing the right
>>> paths to the cross compiled dependencies. Check if it is replacing
>>> the cflags. You can have a look at:
>>>
>>> $ cat /your/path/to/ModSecurity/nginx/modsecurity/config
>>>
>>> This file should contain the right paths to the cross compiled
>>> dependencies. Also check if, while compiling Nginx, this paths are
>>> being used by gcc.
>>>
>>> Other thing that you can do, is to check which libraries ModSecurity
>>> standalone so file is linked to, just to confirm that it is linked
>>> to the right dependencies (which should reflect your target
>>> compilation platform).
>>>
>>> Br.,
>>> *Felipe "Zimmerle" Costa*
>>> Security Researcher, SpiderLabs
>>>
>>> *Trustwave* | SMART SECURITY ON DEMAND
>>> www.trustwave.com <http://www.trustwave.com/>
>>>
>>>
>>>
>>>
>>> On Feb 22, 2014, at 10:51 PM, Derek Werthmuller
>>> <the...@gm... <mailto:the...@gm...>>
>>> wrote:
>>>
>>>> Working on setting modsecurity with nginx in a forward proxy
>>>> configuration on a raspberry pi.
>>>> I've got modsecurity building ok it seems. Have nginx building with
>>>> out modsecurity ok. But nginx will not link properly with modsecurity.
>>>>
>>>> nginx 1.5.10
>>>> apache 2.2.26
>>>> modsecurity 2.7.7
>>>>
>>>> Getting lots of messages like
>>>> modsecurity-apache_2.7.7/nginx/modsecurity/apr_bucket_nginx.c:67:
>>>> undefined reference to `apr_bucket_free'
>>>>
>>>> nginx doesn't have a with-apr section in its configure script, so I
>>>> figure this is referring to modsecurity's use of apr.
>>>>
>>>> Also seems to be having trouble finding the libxml2 libraries.
>>>> Bunch of these messages too.
>>>> ../modsecurity-apache_2.7.7/nginx/modsecurity/../../standalone/.libs/standalone.a(standalone_la-msc_crypt.o):
>>>> In function `hash_response_body_links':
>>>> msc_crypt.c:(.text+0x17ec): undefined reference to `xmlXPathNewContext'
>>>> msc_crypt.c:(.text+0x184c): undefined reference to
>>>> `xmlXPathEvalExpression'
>>>>
>>>> Any guidance on getting this compiled correctly?
>>>> Cheers
>>>>
>>>> ------------------------------------------------------------------------------
>>>> Managing the Performance of Cloud-Based Applications
>>>> Take advantage of what the Cloud has to offer - Avoid Common Pitfalls.
>>>> Read the Whitepaper.
>>>> http://pubads.g.doubleclick.net/gampad/clk?id=121054471&iu=/4140/ostg.clktrk_______________________________________________
>>>> mod-security-developers mailing list
>>>> mod...@li...
>>>> https://lists.sourceforge.net/lists/listinfo/mod-security-developers
>>>> ModSecurity Services from Trustwave's SpiderLabs:
>>>> https://www.trustwave.com/spiderLabs.php
>>>
>>>
>>> ------------------------------------------------------------------------
>>>
>>> This transmission may contain information that is privileged,
>>> confidential, and/or exempt from disclosure under applicable law. If
>>> you are not the intended recipient, you are hereby notified that any
>>> disclosure, copying, distribution, or use of the information
>>> contained herein (including any reliance thereon) is strictly
>>> prohibited. If you received this transmission in error, please
>>> immediately contact the sender and destroy the material in its
>>> entirety, whether in electronic or hard copy format.
>>>
>>>
>>> ------------------------------------------------------------------------------
>>> Flow-based real-time traffic analytics software. Cisco certified tool.
>>> Monitor traffic, SLAs, QoS, Medianet, WAAS etc. with NetFlow Analyzer
>>> Customize your own dashboards, set traffic alerts and generate reports.
>>> Network behavioral analysis & security monitoring. All-in-one tool.
>>> http://pubads.g.doubleclick.net/gampad/clk?id=126839071&iu=/4140/ostg.clktrk
>>>
>>>
>>> _______________________________________________
>>> mod-security-developers mailing list
>>> mod...@li...
>>> https://lists.sourceforge.net/lists/listinfo/mod-security-developers
>>> ModSecurity Services from Trustwave's SpiderLabs:
>>> https://www.trustwave.com/spiderLabs.php
>>
>> ------------------------------------------------------------------------------
>> Flow-based real-time traffic analytics software. Cisco certified tool.
>> Monitor traffic, SLAs, QoS, Medianet, WAAS etc. with NetFlow Analyzer
>> Customize your own dashboards, set traffic alerts and generate reports.
>> Network behavioral analysis & security monitoring. All-in-one tool.
>> http://pubads.g.doubleclick.net/gampad/clk?id=126839071&iu=/4140/ostg.clktrk_______________________________________________
>> mod-security-developers mailing list
>> mod...@li...
>> https://lists.sourceforge.net/lists/listinfo/mod-security-developers
>> ModSecurity Services from Trustwave's SpiderLabs:
>> https://www.trustwave.com/spiderLabs.php
>
>
> ------------------------------------------------------------------------
>
> This transmission may contain information that is privileged,
> confidential, and/or exempt from disclosure under applicable law. If
> you are not the intended recipient, you are hereby notified that any
> disclosure, copying, distribution, or use of the information contained
> herein (including any reliance thereon) is strictly prohibited. If you
> received this transmission in error, please immediately contact the
> sender and destroy the material in its entirety, whether in electronic
> or hard copy format.
>
>
> ------------------------------------------------------------------------------
> Flow-based real-time traffic analytics software. Cisco certified tool.
> Monitor traffic, SLAs, QoS, Medianet, WAAS etc. with NetFlow Analyzer
> Customize your own dashboards, set traffic alerts and generate reports.
> Network behavioral analysis & security monitoring. All-in-one tool.
> http://pubads.g.doubleclick.net/gampad/clk?id=126839071&iu=/4140/ostg.clktrk
>
>
> _______________________________________________
> mod-security-developers mailing list
> mod...@li...
> https://lists.sourceforge.net/lists/listinfo/mod-security-developers
> ModSecurity Services from Trustwave's SpiderLabs:
> https://www.trustwave.com/spiderLabs.php
|
|
From: Felipe C. <FC...@tr...> - 2014-03-01 02:13:58
|
Hi Derek, I am happy that you managed to get it working. ModSecurity running on OpenWRT is something cool. Are you planning to pack it into an "ipk"? It will be nice to install ModSecurity using "opkg" ;) Contributions are very welcome. Once you have the changes ready to go, just place a merge request using Github. If you need to discuss something just use this thread ;) Thanks, Felipe "Zimmerle" Costa Security Researcher, SpiderLabs Trustwave | SMART SECURITY ON DEMAND www.trustwave.com<http://www.trustwave.com/> On Feb 28, 2014, at 10:22 PM, Derek & Vicky <the...@gm...<mailto:the...@gm...>> wrote: Thanks for the diagnostics. ld shows that the linker is not finding libraries properly as you suspected. This is the openwr t platform. Looks to use gcc. The Issue I'm having I believe really has to do with the make file creation. It suggests using rpath or rpath-link so I'm working to properly integrate them into the Makefile. I'll report progress when get this working. Cheers Derek On 02/24/2014 11:53 AM, Felipe Costa wrote: Hi Derek, ARM won't be a problem. We do have ModSecurity/ARM _compiled_ and _tested_ through our build farm. Here you can access the logs: http://www.modsecurity.org/developers/buildbot/builders/LinuxARM%20-%20Nginx http://www.modsecurity.org/developers/buildbot/builders/LinuxARM%20-%20Apache We are using a Beagle Bone Black to compile and to test it. It is running Ubuntu linux with RobertCNelson's kernel. I believe that you are facing a problem with your cross compiling environment. Can you share more details about your host system? How you are trying to make this cross-compilation? Do you have Scratchbox? OpenEmbeeded? are you using Linaro's gcc? So far, I can tell you that the "config" script, which will be later used by Nginx, is generated while you got ModSecurity configured as standalone module. It is done that way to reflect on the Nginx configuration the very same options that you have used in ModSecurity compilation. If your cross compiling is replacing the CFLAGS/LDFLAGS with something else, you probably is losing the right paths to the cross compiled dependencies. Check if it is replacing the cflags. You can have a look at: $ cat /your/path/to/ModSecurity/nginx/modsecurity/config This file should contain the right paths to the cross compiled dependencies. Also check if, while compiling Nginx, this paths are being used by gcc. Other thing that you can do, is to check which libraries ModSecurity standalone so file is linked to, just to confirm that it is linked to the right dependencies (which should reflect your target compilation platform). Br., Felipe "Zimmerle" Costa Security Researcher, SpiderLabs Trustwave | SMART SECURITY ON DEMAND www.trustwave.com<http://www.trustwave.com/> On Feb 22, 2014, at 10:51 PM, Derek Werthmuller <the...@gm...<mailto:the...@gm...>> wrote: Working on setting modsecurity with nginx in a forward proxy configuration on a raspberry pi. I've got modsecurity building ok it seems. Have nginx building with out modsecurity ok. But nginx will not link properly with modsecurity. nginx 1.5.10 apache 2.2.26 modsecurity 2.7.7 Getting lots of messages like modsecurity-apache_2.7.7/nginx/modsecurity/apr_bucket_nginx.c:67: undefined reference to `apr_bucket_free' nginx doesn't have a with-apr section in its configure script, so I figure this is referring to modsecurity's use of apr. Also seems to be having trouble finding the libxml2 libraries. Bunch of these messages too. ../modsecurity-apache_2.7.7/nginx/modsecurity/../../standalone/.libs/standalone.a(standalone_la-msc_crypt.o): In function `hash_response_body_links': msc_crypt.c:(.text+0x17ec): undefined reference to `xmlXPathNewContext' msc_crypt.c:(.text+0x184c): undefined reference to `xmlXPathEvalExpression' Any guidance on getting this compiled correctly? Cheers ------------------------------------------------------------------------------ Managing the Performance of Cloud-Based Applications Take advantage of what the Cloud has to offer - Avoid Common Pitfalls. Read the Whitepaper. http://pubads.g.doubleclick.net/gampad/clk?id=121054471&iu=/4140/ostg.clktrk_______________________________________________ mod-security-developers mailing list mod...@li...<mailto:mod...@li...> https://lists.sourceforge.net/lists/listinfo/mod-security-developers ModSecurity Services from Trustwave's SpiderLabs: https://www.trustwave.com/spiderLabs.php ________________________________ This transmission may contain information that is privileged, confidential, and/or exempt from disclosure under applicable law. If you are not the intended recipient, you are hereby notified that any disclosure, copying, distribution, or use of the information contained herein (including any reliance thereon) is strictly prohibited. If you received this transmission in error, please immediately contact the sender and destroy the material in its entirety, whether in electronic or hard copy format. ------------------------------------------------------------------------------ Flow-based real-time traffic analytics software. Cisco certified tool. Monitor traffic, SLAs, QoS, Medianet, WAAS etc. with NetFlow Analyzer Customize your own dashboards, set traffic alerts and generate reports. Network behavioral analysis & security monitoring. All-in-one tool. http://pubads.g.doubleclick.net/gampad/clk?id=126839071&iu=/4140/ostg.clktrk _______________________________________________ mod-security-developers mailing list mod...@li...<mailto:mod...@li...> https://lists.sourceforge.net/lists/listinfo/mod-security-developers ModSecurity Services from Trustwave's SpiderLabs: https://www.trustwave.com/spiderLabs.php ------------------------------------------------------------------------------ Flow-based real-time traffic analytics software. Cisco certified tool. Monitor traffic, SLAs, QoS, Medianet, WAAS etc. with NetFlow Analyzer Customize your own dashboards, set traffic alerts and generate reports. Network behavioral analysis & security monitoring. All-in-one tool. http://pubads.g.doubleclick.net/gampad/clk?id=126839071&iu=/4140/ostg.clktrk_______________________________________________ mod-security-developers mailing list mod...@li... https://lists.sourceforge.net/lists/listinfo/mod-security-developers ModSecurity Services from Trustwave's SpiderLabs: https://www.trustwave.com/spiderLabs.php ________________________________ This transmission may contain information that is privileged, confidential, and/or exempt from disclosure under applicable law. If you are not the intended recipient, you are hereby notified that any disclosure, copying, distribution, or use of the information contained herein (including any reliance thereon) is strictly prohibited. If you received this transmission in error, please immediately contact the sender and destroy the material in its entirety, whether in electronic or hard copy format. |
|
From: Derek & V. <the...@gm...> - 2014-03-01 01:22:15
|
Thanks for the diagnostics. ld shows that the linker is not finding
libraries properly as you suspected. This is the openwr t platform.
Looks to use gcc. The Issue I'm having I believe really has to do with
the make file creation.
It suggests using rpath or rpath-link so I'm working to properly
integrate them into the Makefile.
I'll report progress when get this working.
Cheers
Derek
On 02/24/2014 11:53 AM, Felipe Costa wrote:
> Hi Derek,
>
> ARM won't be a problem. We do have ModSecurity/ARM _compiled_ and
> _tested_ through our build farm. Here you can access the logs:
>
> http://www.modsecurity.org/developers/buildbot/builders/LinuxARM%20-%20Nginx
> http://www.modsecurity.org/developers/buildbot/builders/LinuxARM%20-%20Apache
>
> We are using a Beagle Bone Black to compile and to test it. It is
> running Ubuntu linux with RobertCNelson's kernel.
>
> I believe that you are facing a problem with your cross compiling
> environment. Can you share more details about your host system?
> How you are trying to make this cross-compilation? Do you have
> Scratchbox? OpenEmbeeded? are you using Linaro's gcc?
>
> So far, I can tell you that the "config" script, which will be later
> used by Nginx, is generated while you got ModSecurity configured as
> standalone module. It is done that way to reflect on the Nginx
> configuration the very same options that you have used in ModSecurity
> compilation. If your cross compiling is replacing the CFLAGS/LDFLAGS
> with something else, you probably is losing the right paths to the
> cross compiled dependencies. Check if it is replacing the cflags. You
> can have a look at:
>
> $ cat /your/path/to/ModSecurity/nginx/modsecurity/config
>
> This file should contain the right paths to the cross compiled
> dependencies. Also check if, while compiling Nginx, this paths are
> being used by gcc.
>
> Other thing that you can do, is to check which libraries ModSecurity
> standalone so file is linked to, just to confirm that it is linked to
> the right dependencies (which should reflect your target compilation
> platform).
>
> Br.,
> *Felipe "Zimmerle" Costa*
> Security Researcher, SpiderLabs
>
> *Trustwave* | SMART SECURITY ON DEMAND
> www.trustwave.com <http://www.trustwave.com/>
>
>
>
>
> On Feb 22, 2014, at 10:51 PM, Derek Werthmuller <the...@gm...
> <mailto:the...@gm...>>
> wrote:
>
>> Working on setting modsecurity with nginx in a forward proxy
>> configuration on a raspberry pi.
>> I've got modsecurity building ok it seems. Have nginx building with
>> out modsecurity ok. But nginx will not link properly with modsecurity.
>>
>> nginx 1.5.10
>> apache 2.2.26
>> modsecurity 2.7.7
>>
>> Getting lots of messages like
>> modsecurity-apache_2.7.7/nginx/modsecurity/apr_bucket_nginx.c:67:
>> undefined reference to `apr_bucket_free'
>>
>> nginx doesn't have a with-apr section in its configure script, so I
>> figure this is referring to modsecurity's use of apr.
>>
>> Also seems to be having trouble finding the libxml2 libraries.
>> Bunch of these messages too.
>> ../modsecurity-apache_2.7.7/nginx/modsecurity/../../standalone/.libs/standalone.a(standalone_la-msc_crypt.o):
>> In function `hash_response_body_links':
>> msc_crypt.c:(.text+0x17ec): undefined reference to `xmlXPathNewContext'
>> msc_crypt.c:(.text+0x184c): undefined reference to
>> `xmlXPathEvalExpression'
>>
>> Any guidance on getting this compiled correctly?
>> Cheers
>>
>> ------------------------------------------------------------------------------
>> Managing the Performance of Cloud-Based Applications
>> Take advantage of what the Cloud has to offer - Avoid Common Pitfalls.
>> Read the Whitepaper.
>> http://pubads.g.doubleclick.net/gampad/clk?id=121054471&iu=/4140/ostg.clktrk_______________________________________________
>> mod-security-developers mailing list
>> mod...@li...
>> https://lists.sourceforge.net/lists/listinfo/mod-security-developers
>> ModSecurity Services from Trustwave's SpiderLabs:
>> https://www.trustwave.com/spiderLabs.php
>
>
> ------------------------------------------------------------------------
>
> This transmission may contain information that is privileged,
> confidential, and/or exempt from disclosure under applicable law. If
> you are not the intended recipient, you are hereby notified that any
> disclosure, copying, distribution, or use of the information contained
> herein (including any reliance thereon) is strictly prohibited. If you
> received this transmission in error, please immediately contact the
> sender and destroy the material in its entirety, whether in electronic
> or hard copy format.
>
>
> ------------------------------------------------------------------------------
> Flow-based real-time traffic analytics software. Cisco certified tool.
> Monitor traffic, SLAs, QoS, Medianet, WAAS etc. with NetFlow Analyzer
> Customize your own dashboards, set traffic alerts and generate reports.
> Network behavioral analysis & security monitoring. All-in-one tool.
> http://pubads.g.doubleclick.net/gampad/clk?id=126839071&iu=/4140/ostg.clktrk
>
>
> _______________________________________________
> mod-security-developers mailing list
> mod...@li...
> https://lists.sourceforge.net/lists/listinfo/mod-security-developers
> ModSecurity Services from Trustwave's SpiderLabs:
> https://www.trustwave.com/spiderLabs.php
|
|
From: Felipe C. <FC...@tr...> - 2014-02-26 20:21:39
|
Hi, Our buildbot just finished the daily build of ModSecurityIIS. In today's version you will find the OWSAP CRS 2.2.9 and a lot of improvements, specially on our installer. Among other fixes, today's build no longer requires the installation of the C++ Redistribution files. The bugs that were fixed are listed bellow: https://github.com/SpiderLabs/ModSecurity/issues/63 https://github.com/SpiderLabs/ModSecurity/issues/624 https://github.com/SpiderLabs/ModSecurity/issues/627 https://github.com/SpiderLabs/ModSecurity/issues/628 https://github.com/SpiderLabs/ModSecurity/issues/629 https://github.com/SpiderLabs/ModSecurity/issues/632 https://github.com/SpiderLabs/ModSecurity/issues/639 https://github.com/SpiderLabs/ModSecurity/issues/640 https://github.com/SpiderLabs/ModSecurity/issues/647 This version is available to test under the following urls: https://www.modsecurity.org/daily-releases/modsecurity-iis-2.7.7+iis_installer-184-daily-20140226.zip https://www.modsecurity.org/daily-releases/modsecurity-iis-2.7.7+iis_installer-184-daily-20140226.zip.md5sum It is important to note that this daily release also includes the Status Report, which is under test. For more information about the Status report, have a look at: http://blog.spiderlabs.com/2014/01/introducing-modsecurity-status-reporting.html If you are interested in the build information, see our buildbots logs at: http://www.modsecurity.org/developers/buildbot/builders/Windows%20daily%20release This particular build: http://www.modsecurity.org/developers/buildbot/builders/Windows%20daily%20release/builds/106 We are waiting for your feedback to merge this code as stable into our master tree. If you find any problem or have any suggestions to improve those fixes, feel free to share. Thanks, Felipe "Zimmerle" Costa Security Researcher, SpiderLabs Trustwave | SMART SECURITY ON DEMAND www.trustwave.com<http://www.trustwave.com/> ________________________________ This transmission may contain information that is privileged, confidential, and/or exempt from disclosure under applicable law. If you are not the intended recipient, you are hereby notified that any disclosure, copying, distribution, or use of the information contained herein (including any reliance thereon) is strictly prohibited. If you received this transmission in error, please immediately contact the sender and destroy the material in its entirety, whether in electronic or hard copy format. |
|
From: Felipe C. <FC...@tr...> - 2014-02-24 16:58:02
|
Hi Derek, ARM won't be a problem. We do have ModSecurity/ARM _compiled_ and _tested_ through our build farm. Here you can access the logs: http://www.modsecurity.org/developers/buildbot/builders/LinuxARM%20-%20Nginx http://www.modsecurity.org/developers/buildbot/builders/LinuxARM%20-%20Apache We are using a Beagle Bone Black to compile and to test it. It is running Ubuntu linux with RobertCNelson's kernel. I believe that you are facing a problem with your cross compiling environment. Can you share more details about your host system? How you are trying to make this cross-compilation? Do you have Scratchbox? OpenEmbeeded? are you using Linaro's gcc? So far, I can tell you that the "config" script, which will be later used by Nginx, is generated while you got ModSecurity configured as standalone module. It is done that way to reflect on the Nginx configuration the very same options that you have used in ModSecurity compilation. If your cross compiling is replacing the CFLAGS/LDFLAGS with something else, you probably is losing the right paths to the cross compiled dependencies. Check if it is replacing the cflags. You can have a look at: $ cat /your/path/to/ModSecurity/nginx/modsecurity/config This file should contain the right paths to the cross compiled dependencies. Also check if, while compiling Nginx, this paths are being used by gcc. Other thing that you can do, is to check which libraries ModSecurity standalone so file is linked to, just to confirm that it is linked to the right dependencies (which should reflect your target compilation platform). Br., Felipe "Zimmerle" Costa Security Researcher, SpiderLabs Trustwave | SMART SECURITY ON DEMAND www.trustwave.com<http://www.trustwave.com/> On Feb 22, 2014, at 10:51 PM, Derek Werthmuller <the...@gm...<mailto:the...@gm...>> wrote: Working on setting modsecurity with nginx in a forward proxy configuration on a raspberry pi. I've got modsecurity building ok it seems. Have nginx building with out modsecurity ok. But nginx will not link properly with modsecurity. nginx 1.5.10 apache 2.2.26 modsecurity 2.7.7 Getting lots of messages like modsecurity-apache_2.7.7/nginx/modsecurity/apr_bucket_nginx.c:67: undefined reference to `apr_bucket_free' nginx doesn't have a with-apr section in its configure script, so I figure this is referring to modsecurity's use of apr. Also seems to be having trouble finding the libxml2 libraries. Bunch of these messages too. ../modsecurity-apache_2.7.7/nginx/modsecurity/../../standalone/.libs/standalone.a(standalone_la-msc_crypt.o): In function `hash_response_body_links': msc_crypt.c:(.text+0x17ec): undefined reference to `xmlXPathNewContext' msc_crypt.c:(.text+0x184c): undefined reference to `xmlXPathEvalExpression' Any guidance on getting this compiled correctly? Cheers ------------------------------------------------------------------------------ Managing the Performance of Cloud-Based Applications Take advantage of what the Cloud has to offer - Avoid Common Pitfalls. Read the Whitepaper. http://pubads.g.doubleclick.net/gampad/clk?id=121054471&iu=/4140/ostg.clktrk_______________________________________________ mod-security-developers mailing list mod...@li... https://lists.sourceforge.net/lists/listinfo/mod-security-developers ModSecurity Services from Trustwave's SpiderLabs: https://www.trustwave.com/spiderLabs.php ________________________________ This transmission may contain information that is privileged, confidential, and/or exempt from disclosure under applicable law. If you are not the intended recipient, you are hereby notified that any disclosure, copying, distribution, or use of the information contained herein (including any reliance thereon) is strictly prohibited. If you received this transmission in error, please immediately contact the sender and destroy the material in its entirety, whether in electronic or hard copy format. |
|
From: Derek W. <the...@gm...> - 2014-02-23 01:51:55
|
Working on setting modsecurity with nginx in a forward proxy configuration on a raspberry pi. I've got modsecurity building ok it seems. Have nginx building with out modsecurity ok. But nginx will not link properly with modsecurity. nginx 1.5.10 apache 2.2.26 modsecurity 2.7.7 Getting lots of messages like modsecurity-apache_2.7.7/nginx/modsecurity/apr_bucket_nginx.c:67: undefined reference to `apr_bucket_free' nginx doesn't have a with-apr section in its configure script, so I figure this is referring to modsecurity's use of apr. Also seems to be having trouble finding the libxml2 libraries. Bunch of these messages too. ../modsecurity-apache_2.7.7/nginx/modsecurity/../../standalone/.libs/standalone.a(standalone_la-msc_crypt.o): In function `hash_response_body_links': msc_crypt.c:(.text+0x17ec): undefined reference to `xmlXPathNewContext' msc_crypt.c:(.text+0x184c): undefined reference to `xmlXPathEvalExpression' Any guidance on getting this compiled correctly? Cheers |
|
From: Corbin G. <co...@gm...> - 2014-02-17 12:14:32
|
I'm doing a first time modSecurity install on a Windows 2008 R2 SP1 server. When I run the 64 bit installer, the installation fails. Looking in the event log, it gives Product: ModSecurity IIS -- Error 1722. There is a problem with this Windows Installer package. A program run as part of the setup did not finish as expected. Contact your support personnel or package vendor. Action InstallModule, location: C:\Program Files (x86)\ModSecurity IIS\, command: "C:\Windows\SysWOW64\inetsrv\appcmd.exe" install module /name:"ModSecurity IIS" /image:"C:\Windows\SysWOW64\inetsrv\ModSecurityIIS.dll" Ending a Windows Installer transaction: C:\Users\Administrator\Downloads\ModSecurityIIS_2.7.7-64b.msi. Client Process Id: 3308. I downloaded and installed the 2013 vcredist prior to beginning the install. I have tried re-running the msi installer, rebooting, etc. but each time the install fails with the error above. Any ideas of what's happening? |
|
From: Bruno S. <br...@sa...> - 2014-02-13 11:07:36
|
Hi Felipe,
Thanks for the instructions.
Here's the output of 'bt full', hope it helps.
Program received signal SIGSEGV, Segmentation fault.
__strcmp_sse2 () at ../sysdeps/x86_64/strcmp.S:213
213 movlpd (%rdi), %xmm1
Missing separate debuginfos, use: debuginfo-install
cyrus-sasl-lib-2.1.23-13.el6_3.1.x86_64 db4-4.7.25-18.el6_4.x86_64
expat-2.0.1-11.el6_2.x86_64 keyutils-libs-1.4-4.el6.x86_64
krb5-libs-1.10.3-10.el6_4.6.x86_64 libcom_err-1.41.12-18.el6.x86_64
libselinux-2.0.94-5.3.el6_4.1.x86_64 libuuid-2.17.2-12.14.el6.x86_64
libxml2-2.7.6-14.el6.x86_64 lua-5.1.4-4.1.el6.x86_64
nspr-4.10.2-1.el6_5.x86_64 nss-3.15.3-3.el6_5.x86_64
nss-softokn-freebl-3.14.3-9.el6.x86_64 nss-util-3.15.3-1.el6_5.x86_64
openldap-2.4.23-32.el6_4.1.x86_64 openssl-1.0.1e-16.el6_5.4.x86_64
pcre-7.8-6.el6.x86_64 zlib-1.2.3-29.el6.x86_64
(gdb)
(gdb) bt full
#0 __strcmp_sse2 () at ../sysdeps/x86_64/strcmp.S:213
No locals.
#1 0x00007ffff2b81f7c in sec_audit_logger (msr=0x7ffff8d1da80) at
msc_logging.c:699
arg = 0x7ffff8d47fa8
sorted_args = 0x7ffff8d5ba68
nextarg = 0x0
tarr = 0x7ffff8d39640
telts = 0x7ffff8d39768
offset = 0
last_offset = 0
sanitize = 0
my_error_msg = 0x0
arr = 0x7ffff8d48250
te = 0x7ffff8d48378
tarr_pattern = 0x7ffff8d33b68
telts_pattern = 0x7ffff8d33c90
str1 = 0x0
str2 = 0x0
text = 0x7ffff8d5ba50 "Content-Length: 133\n"
rule = 0x0
next_rule = 0x0
nbytes = 0
nbytes_written = 140737368015808
md5hash =
"\000\000\000\000\000\000\000\000\330\301\323\370\377\177\000"
was_limited = 0
present = 0
wrote_response_body = 0
entry_filename = 0xf8d3ba88 <Address 0xf8d3ba88 out of bounds>
entry_basename = 0x7fffffffdc90 "h\272\325\370\377\177"
rc = 0
i = 0
limit = -132113904
k = 32767
sanitized_partial = 0
j = 32767
buf = 0x0
pat = 0x0
mparm = 0x0
arg_min = 32767
arg_max = -120464768
sanitize_matched = 0
#2 0x00007ffff2b79225 in modsecurity_process_phase_logging
(msr=0x7ffff8d1da80) at modsecurity.c:695
time_before = 1392288967111028
time_after = 1392288967111070
#3 0x00007ffff2b794b5 in modsecurity_process_phase (msr=0x7ffff8d1da80,
phase=5) at modsecurity.c:801
No locals.
#4 0x00007ffff2b77190 in hook_log_transaction (r=0x7ffff8d1c1f8) at
mod_security2.c:1217
arr = 0x7ffff8d5e0a0
origr = 0x7ffff8d1c1f8
---Type <return> to continue, or q <return> to quit---
msr = 0x7ffff8d1da80
#5 0x00007ffff7fc8600 in ap_run_log_transaction (r=0x7ffff8d1c1f8) at
/usr/src/debug/httpd-2.2.15/server/protocol.c:1705
pHook = <value optimized out>
n = <value optimized out>
rv = <value optimized out>
#6 0x00007ffff7fe5a7f in ap_process_request (r=0x7ffff8d1c1f8) at
/usr/src/debug/httpd-2.2.15/modules/http/http_request.c:308
access_status = <value optimized out>
#7 0x00007ffff7fe29a8 in ap_process_http_connection (c=0x7ffff8cadcf8) at
/usr/src/debug/httpd-2.2.15/modules/http/http_core.c:190
r = 0x7ffff8d1c1f8
csd = 0x0
#8 0x00007ffff7fde6b8 in ap_run_process_connection (c=0x7ffff8cadcf8) at
/usr/src/debug/httpd-2.2.15/server/connection.c:43
pHook = <value optimized out>
n = <value optimized out>
rv = <value optimized out>
#9 0x00007ffff7fea977 in child_main (child_num_arg=<value optimized out>)
at /usr/src/debug/httpd-2.2.15/server/mpm/prefork/prefork.c:667
current_conn = <value optimized out>
csd = 0x7ffff8cadb08
ptrans = 0x7ffff8cada88
allocator = 0x7ffff8cab980
status = <value optimized out>
i = <value optimized out>
lr = <value optimized out>
pollset = 0x7ffff8cabc20
sbh = 0x7ffff8cabc18
bucket_alloc = 0x7ffff8d14148
last_poll_idx = 1
#10 0x00007ffff7feac46 in make_child (s=0x7ffff8212880, slot=0) at
/usr/src/debug/httpd-2.2.15/server/mpm/prefork/prefork.c:707
pid = <value optimized out>
#11 0x00007ffff7feb293 in ap_mpm_run (_pconf=<value optimized out>,
plog=<value optimized out>, s=<value optimized out>) at
/usr/src/debug/httpd-2.2.15/server/mpm/prefork/prefork.c:983
index = <value optimized out>
remaining_children_to_start = <value optimized out>
rv = <value optimized out>
#12 0x00007ffff7fc2900 in main (argc=4, argv=0x7fffffffe338) at
/usr/src/debug/httpd-2.2.15/server/main.c:760
c = 102 'f'
configtestonly = <value optimized out>
confname = 0x7fffffffe5c2 "/etc/httpd/conf/httpd.conf"
def_server_root = 0x7ffff7fed1f3 "/etc/httpd"
temp_error_log = 0x0
error = <value optimized out>
process = 0x7ffff8212880
server_conf = 0x7ffff8212880
pglobal = 0x7ffff8209148
pconf = 0x7ffff820b158
plog = 0x7ffff823d2e8
ptemp = 0x7ffff820f178
pcommands = 0x7ffff820d168
opt = 0x7ffff820d260
rv = <value optimized out>
mod = <value optimized out>
---Type <return> to continue, or q <return> to quit---
optarg = 0x7fffffffe5c2 "/etc/httpd/conf/httpd.conf"
signal_server = <value optimized out>
On 13 February 2014 03:25, Felipe Costa <FC...@tr...> wrote:
> Hi Bruno,
>
> Thank you for the report.
>
> Do you mind to generate more information using GDB?
>
> I've just create a guide on how to use GDB to help in the bug reporting
> process, it is available under our wiki:
> https://github.com/SpiderLabs/ModSecurity/wiki/Debugging-ModSecurity
>
> Thanks,
> *Felipe "Zimmerle" Costa*
> Security Researcher, SpiderLabs
>
> *Trustwave* | SMART SECURITY ON DEMAND
> www.trustwave.com
>
> On Feb 12, 2014, at 9:23 AM, Bruno Savioli de Almeida <br...@sa...>
> wrote:
>
> Hi,
>
> I'm testing the JSON patches from the json_top_of_2_7_7 branch and I'm
> getting what appears to be random segfaults. I say random because I haven't
> managed to identify any patterns on the type of requests that segfaults.
>
> Test environment:
> Centos 6.5 x86_64
> httpd-2.2.15-29.el6.centos.x86_64
> mod_security compiled with yajl-2.0.5
>
>
> I'm running mod_security in DETECTION_ONLY mode, with the owasp crs and
> JSON requestBodyProcessor enabled
>
> When the request segfaults, the audit log only records parts A and B:
>
> To avoid making this email too long, logs are here:
> http://pastebin.com/MnehgvJw
>
> Let me know if I can help with any more information.
>
>
> Thanks,
>
>
> --
> - Bruno
> ------------------------------------------------------------------------------
> Android apps run on BlackBerry 10
> Introducing the new BlackBerry 10.2.1 Runtime for Android apps.
> Now with support for Jelly Bean, Bluetooth, Mapview and more.
> Get your Android app in front of a whole new audience. Start now.
>
> http://pubads.g.doubleclick.net/gampad/clk?id=124407151&iu=/4140/ostg.clktrk_______________________________________________
> mod-security-developers mailing list
> mod...@li...
> https://lists.sourceforge.net/lists/listinfo/mod-security-developers
> ModSecurity Services from Trustwave's SpiderLabs:
> https://www.trustwave.com/spiderLabs.php
>
>
>
> ------------------------------
>
> This transmission may contain information that is privileged,
> confidential, and/or exempt from disclosure under applicable law. If you
> are not the intended recipient, you are hereby notified that any
> disclosure, copying, distribution, or use of the information contained
> herein (including any reliance thereon) is strictly prohibited. If you
> received this transmission in error, please immediately contact the sender
> and destroy the material in its entirety, whether in electronic or hard
> copy format.
>
>
> ------------------------------------------------------------------------------
> Android apps run on BlackBerry 10
> Introducing the new BlackBerry 10.2.1 Runtime for Android apps.
> Now with support for Jelly Bean, Bluetooth, Mapview and more.
> Get your Android app in front of a whole new audience. Start now.
>
> http://pubads.g.doubleclick.net/gampad/clk?id=124407151&iu=/4140/ostg.clktrk
> _______________________________________________
> mod-security-developers mailing list
> mod...@li...
> https://lists.sourceforge.net/lists/listinfo/mod-security-developers
> ModSecurity Services from Trustwave's SpiderLabs:
> https://www.trustwave.com/spiderLabs.php
>
--
- Bruno
|
|
From: Felipe C. <FC...@tr...> - 2014-02-13 03:26:02
|
Hi Bruno, Thank you for the report. Do you mind to generate more information using GDB? I've just create a guide on how to use GDB to help in the bug reporting process, it is available under our wiki: https://github.com/SpiderLabs/ModSecurity/wiki/Debugging-ModSecurity Thanks, Felipe "Zimmerle" Costa Security Researcher, SpiderLabs Trustwave | SMART SECURITY ON DEMAND www.trustwave.com<http://www.trustwave.com/> On Feb 12, 2014, at 9:23 AM, Bruno Savioli de Almeida <br...@sa...<mailto:br...@sa...>> wrote: Hi, I'm testing the JSON patches from the json_top_of_2_7_7 branch and I'm getting what appears to be random segfaults. I say random because I haven't managed to identify any patterns on the type of requests that segfaults. Test environment: Centos 6.5 x86_64 httpd-2.2.15-29.el6.centos.x86_64 mod_security compiled with yajl-2.0.5 I'm running mod_security in DETECTION_ONLY mode, with the owasp crs and JSON requestBodyProcessor enabled When the request segfaults, the audit log only records parts A and B: To avoid making this email too long, logs are here: http://pastebin.com/MnehgvJw Let me know if I can help with any more information. Thanks, -- - Bruno ------------------------------------------------------------------------------ Android apps run on BlackBerry 10 Introducing the new BlackBerry 10.2.1 Runtime for Android apps. Now with support for Jelly Bean, Bluetooth, Mapview and more. Get your Android app in front of a whole new audience. Start now. http://pubads.g.doubleclick.net/gampad/clk?id=124407151&iu=/4140/ostg.clktrk_______________________________________________ mod-security-developers mailing list mod...@li... https://lists.sourceforge.net/lists/listinfo/mod-security-developers ModSecurity Services from Trustwave's SpiderLabs: https://www.trustwave.com/spiderLabs.php ________________________________ This transmission may contain information that is privileged, confidential, and/or exempt from disclosure under applicable law. If you are not the intended recipient, you are hereby notified that any disclosure, copying, distribution, or use of the information contained herein (including any reliance thereon) is strictly prohibited. If you received this transmission in error, please immediately contact the sender and destroy the material in its entirety, whether in electronic or hard copy format. |
|
From: Bruno S. de A. <br...@sa...> - 2014-02-12 12:55:24
|
Hi, I'm testing the JSON patches from the json_top_of_2_7_7 branch and I'm getting what appears to be random segfaults. I say random because I haven't managed to identify any patterns on the type of requests that segfaults. Test environment: Centos 6.5 x86_64 httpd-2.2.15-29.el6.centos.x86_64 mod_security compiled with yajl-2.0.5 I'm running mod_security in DETECTION_ONLY mode, with the owasp crs and JSON requestBodyProcessor enabled When the request segfaults, the audit log only records parts A and B: To avoid making this email too long, logs are here: http://pastebin.com/MnehgvJw Let me know if I can help with any more information. Thanks, -- - Bruno |
|
From: Felipe C. <FC...@tr...> - 2014-02-10 21:40:21
|
Hi Tan, I do agree with you that nginx version (as IIS) will be even better with less dependencies of Apache or libapr. But I am afraid to say that currently ModSecurity core is very dependent of the libapr. For various things, for instance, memory management. You are not the first one to ask about that, so i've opened an META-Issue to track ideas and efforts on the subject. Here goes the link: https://github.com/SpiderLabs/ModSecurity/issues/661 These dependencies exists due to historical reasons. I believe that, as ModSecurity will achieving new functionalities and bugs will be fixed, those dependencies will be being minimized. IMHO, to have our standalone version independent of Apache, and others that are not strictly necessary is an excellent goal. Contributions to boost up this process are very welcomed. Br., Felipe "Zimmerle" Costa Security Researcher, SpiderLabs Trustwave | SMART SECURITY ON DEMAND www.trustwave.com<http://www.trustwave.com/> On Feb 10, 2014, at 3:30 AM, 谭锋 <ta...@le...<mailto:ta...@le...>> wrote: Hi all: We have been using mod_security for Nginx for over two years, current mod_security still depends too much upon Apache stuffs: apr,apr-util,and even httpd, in compiling or running time, which are quite strange and of no reason for we Nginx and IIS users, giving us an extremely complex task and heavy burden in building, porting and tuning. We are expecting when mod_security for Nginx is no longer a wrapper of a module for Apache. Tan Feng ------------------------------------------------------------------------------ Managing the Performance of Cloud-Based Applications Take advantage of what the Cloud has to offer - Avoid Common Pitfalls. Read the Whitepaper. http://pubads.g.doubleclick.net/gampad/clk?id=121051231&iu=/4140/ostg.clktrk _______________________________________________ mod-security-developers mailing list mod...@li... https://lists.sourceforge.net/lists/listinfo/mod-security-developers ModSecurity Services from Trustwave's SpiderLabs: https://www.trustwave.com/spiderLabs.php ________________________________ This transmission may contain information that is privileged, confidential, and/or exempt from disclosure under applicable law. If you are not the intended recipient, you are hereby notified that any disclosure, copying, distribution, or use of the information contained herein (including any reliance thereon) is strictly prohibited. If you received this transmission in error, please immediately contact the sender and destroy the material in its entirety, whether in electronic or hard copy format. |
|
From: Felipe C. <FC...@tr...> - 2014-02-10 14:09:02
|
Hi Eric, So far I know Websphere Application Server can run altogether with the following HTTP servers: - Apache HTTP Server; - IBM HTTP Server; - Microsoft Internet Information Services (IIS); - Netscape Enterprise Server. Can you or someone else tell me if ModSecurity will work in a stock Websphere Application Server environment (that does not have Apache)? I could not find anything saying that it can. If it can, what are some of the implementation details? I'm using WebCastellum with some success but would prefer to use a framework like ModSecurity that is maintained. Do you know which HTTP server you are using? For IIS, we have the ModSecurityIIS version. You can download it straight from http://www.modsecurity.org. For the IBM HTTP Server, I believe it is powered by Apache. So you should be able to get it working. While get it compiled make sure that you are using the same libraries versions that are used by IBM Server, including: libapr. Br., Felipe "Zimmerle" Costa Security Researcher, SpiderLabs Trustwave | SMART SECURITY ON DEMAND www.trustwave.com<http://www.trustwave.com/> ________________________________ This transmission may contain information that is privileged, confidential, and/or exempt from disclosure under applicable law. If you are not the intended recipient, you are hereby notified that any disclosure, copying, distribution, or use of the information contained herein (including any reliance thereon) is strictly prohibited. If you received this transmission in error, please immediately contact the sender and destroy the material in its entirety, whether in electronic or hard copy format. |
|
From: 谭锋 <ta...@le...> - 2014-02-10 06:45:54
|
Hi all: We have been using mod_security for Nginx for over two years, current mod_security still depends too much upon Apache stuffs: apr,apr-util,and even httpd, in compiling or running time, which are quite strange and of no reason for we Nginx and IIS users, giving us an extremely complex task and heavy burden in building, porting and tuning. We are expecting when mod_security for Nginx is no longer a wrapper of a module for Apache. Tan Feng |
|
From: Eric A. <eri...@rr...> - 2014-02-07 14:34:29
|
Hi Felipe: Can you or someone else tell me if ModSecurity will work in a stock Websphere Application Server environment (that does not have Apache)? I could not find anything saying that it can. If it can, what are some of the implementation details? I'm using WebCastellum with some success but would prefer to use a framework like ModSecurity that is maintained. Thanks, Eric On Fri, Feb 7, 2014 at 6:41 AM, Felipe Costa <FC...@tr...> wrote: > Hi, > > In case you are interest to test, the code is hosted under our git > repository at branch: "modsec_status". > > There are two main ways to download the code: > > a) Using GitHub ui. > > GitHub allows the independent visualization of branches. By visiting the > url: https://github.com/SpiderLabs/ModSecurity/tree/modsec_status, > you will be able to navigate under the code that belongs to the > "modsec_status" branch. You can use the button: "Download ZIP" (on the > right menu) to download the code. > > b) Using git directly on the console: > > Another option to fetch the code is to download it directly from our git > repository, as following: > > $ git clone https://github.com/SpiderLabs/ModSecurity.git > $ cd ModSecurity > $ git checkout origin/modsec_status -b modsec_status > > > Br., > *Felipe "Zimmerle" Costa* > Security Researcher, SpiderLabs > > *Trustwave* | SMART SECURITY ON DEMAND > www.trustwave.com > > > On Feb 6, 2014, at 9:03 PM, Ryan Barnett <RBa...@tr...> wrote: > > Anyone interested in beta testing? > > *Ryan Barnett* > Lead Security Researcher, SpiderLabs > > > *Trustwave* | SMART SECURITY ON DEMAND > www.trustwave.com > > On Jan 29, 2014, at 11:06 AM, "Felipe Costa" <FC...@tr...> wrote: > > Hi there, > > Ryan and I have been busy for a while trying to figure out a way to get > some statistics on ModSecurity usage, to allow us to have a better bug > prioritization, and understand how frequently our users are updating > ModSecurity, etc… > > We've made a blog post yesterday, which introduces the idea and code, it > is available at: > > > http://blog.spiderlabs.com/2014/01/introducing-modsecurity-status-reporting.html > > As said in the blog post, the code is not merged yet, it still in a > separated branch. Your opinion and suggestion are very important, so please > test and comment, suggestions and feedback are very welcomed. > > Br., > *Felipe "Zimmerle" Costa* > Security Researcher, SpiderLabs > > *Trustwave* | SMART SECURITY ON DEMAND > www.trustwave.com > > > ------------------------------ > > This transmission may contain information that is privileged, > confidential, and/or exempt from disclosure under applicable law. If you > are not the intended recipient, you are hereby notified that any > disclosure, copying, distribution, or use of the information contained > herein (including any reliance thereon) is strictly prohibited. If you > received this transmission in error, please immediately contact the sender > and destroy the material in its entirety, whether in electronic or hard > copy format. > > > ------------------------------------------------------------------------------ > WatchGuard Dimension instantly turns raw network data into actionable > security intelligence. It gives you real-time visual feedback on key > security issues and trends. Skip the complicated setup - simply import > a virtual appliance and go from zero to informed in seconds. > > http://pubads.g.doubleclick.net/gampad/clk?id=123612991&iu=/4140/ostg.clktrk > > _______________________________________________ > mod-security-users mailing list > mod...@li... > https://lists.sourceforge.net/lists/listinfo/mod-security-users > Commercial ModSecurity Rules and Support from Trustwave's SpiderLabs: > http://www.modsecurity.org/projects/commercial/rules/ > http://www.modsecurity.org/projects/commercial/support/ > > > ------------------------------ > > This transmission may contain information that is privileged, > confidential, and/or exempt from disclosure under applicable law. If you > are not the intended recipient, you are hereby notified that any > disclosure, copying, distribution, or use of the information contained > herein (including any reliance thereon) is strictly prohibited. If you > received this transmission in error, please immediately contact the sender > and destroy the material in its entirety, whether in electronic or hard > copy format. > ------------------------------------------------------------------------------ > Managing the Performance of Cloud-Based Applications > Take advantage of what the Cloud has to offer - Avoid Common Pitfalls. > Read the Whitepaper. > > http://pubads.g.doubleclick.net/gampad/clk?id=121051231&iu=/4140/ostg.clktrk_______________________________________________ > mod-security-users mailing list > mod...@li... > https://lists.sourceforge.net/lists/listinfo/mod-security-users > Commercial ModSecurity Rules and Support from Trustwave's SpiderLabs: > http://www.modsecurity.org/projects/commercial/rules/ > http://www.modsecurity.org/projects/commercial/support/ > > > > ------------------------------ > > This transmission may contain information that is privileged, > confidential, and/or exempt from disclosure under applicable law. If you > are not the intended recipient, you are hereby notified that any > disclosure, copying, distribution, or use of the information contained > herein (including any reliance thereon) is strictly prohibited. If you > received this transmission in error, please immediately contact the sender > and destroy the material in its entirety, whether in electronic or hard > copy format. > > > ------------------------------------------------------------------------------ > Managing the Performance of Cloud-Based Applications > Take advantage of what the Cloud has to offer - Avoid Common Pitfalls. > Read the Whitepaper. > > http://pubads.g.doubleclick.net/gampad/clk?id=121051231&iu=/4140/ostg.clktrk > _______________________________________________ > mod-security-developers mailing list > mod...@li... > https://lists.sourceforge.net/lists/listinfo/mod-security-developers > ModSecurity Services from Trustwave's SpiderLabs: > https://www.trustwave.com/spiderLabs.php > -- *Eric Anderson |Customer Facing Systems| **RR DONNELLEY* 4101 Winfield Road | Warrenville, IL 60555 *TEL*: 630.322.7176 *EML*: eri...@rr... *WEB*: *http://www.rrdonnelley.com <http://www.rrdonnelley.com>* _____________________________________________________________________________________________ The information contained in this message is proprietary and/or confidential. If you are not the intended recipient, please: (i) delete the message and all copies; (ii) do not disclose, distribute or use the message in any manner; and (iii) notify the sender immediately. In addition, please be aware that any message addressed to our domain is subject to archiving and review by persons other than the intended recipient. Thank you. |
|
From: Felipe C. <FC...@tr...> - 2014-02-07 12:41:24
|
Hi, In case you are interest to test, the code is hosted under our git repository at branch: "modsec_status". There are two main ways to download the code: a) Using GitHub ui. GitHub allows the independent visualization of branches. By visiting the url: https://github.com/SpiderLabs/ModSecurity/tree/modsec_status, you will be able to navigate under the code that belongs to the "modsec_status" branch. You can use the button: "Download ZIP" (on the right menu) to download the code. b) Using git directly on the console: Another option to fetch the code is to download it directly from our git repository, as following: $ git clone https://github.com/SpiderLabs/ModSecurity.git $ cd ModSecurity $ git checkout origin/modsec_status -b modsec_status Br., Felipe "Zimmerle" Costa Security Researcher, SpiderLabs Trustwave | SMART SECURITY ON DEMAND www.trustwave.com<http://www.trustwave.com/> On Feb 6, 2014, at 9:03 PM, Ryan Barnett <RBa...@tr...<mailto:RBa...@tr...>> wrote: Anyone interested in beta testing? Ryan Barnett Lead Security Researcher, SpiderLabs Trustwave | SMART SECURITY ON DEMAND www.trustwave.com<http://www.trustwave.com/> On Jan 29, 2014, at 11:06 AM, "Felipe Costa" <FC...@tr...<mailto:FC...@tr...>> wrote: Hi there, Ryan and I have been busy for a while trying to figure out a way to get some statistics on ModSecurity usage, to allow us to have a better bug prioritization, and understand how frequently our users are updating ModSecurity, etc… We've made a blog post yesterday, which introduces the idea and code, it is available at: http://blog.spiderlabs.com/2014/01/introducing-modsecurity-status-reporting.html As said in the blog post, the code is not merged yet, it still in a separated branch. Your opinion and suggestion are very important, so please test and comment, suggestions and feedback are very welcomed. Br., Felipe "Zimmerle" Costa Security Researcher, SpiderLabs Trustwave | SMART SECURITY ON DEMAND www.trustwave.com<http://www.trustwave.com/> ________________________________ This transmission may contain information that is privileged, confidential, and/or exempt from disclosure under applicable law. If you are not the intended recipient, you are hereby notified that any disclosure, copying, distribution, or use of the information contained herein (including any reliance thereon) is strictly prohibited. If you received this transmission in error, please immediately contact the sender and destroy the material in its entirety, whether in electronic or hard copy format. ------------------------------------------------------------------------------ WatchGuard Dimension instantly turns raw network data into actionable security intelligence. It gives you real-time visual feedback on key security issues and trends. Skip the complicated setup - simply import a virtual appliance and go from zero to informed in seconds. http://pubads.g.doubleclick.net/gampad/clk?id=123612991&iu=/4140/ostg.clktrk _______________________________________________ mod-security-users mailing list mod...@li...<mailto:mod...@li...> https://lists.sourceforge.net/lists/listinfo/mod-security-users Commercial ModSecurity Rules and Support from Trustwave's SpiderLabs: http://www.modsecurity.org/projects/commercial/rules/ http://www.modsecurity.org/projects/commercial/support/ ________________________________ This transmission may contain information that is privileged, confidential, and/or exempt from disclosure under applicable law. If you are not the intended recipient, you are hereby notified that any disclosure, copying, distribution, or use of the information contained herein (including any reliance thereon) is strictly prohibited. If you received this transmission in error, please immediately contact the sender and destroy the material in its entirety, whether in electronic or hard copy format. ------------------------------------------------------------------------------ Managing the Performance of Cloud-Based Applications Take advantage of what the Cloud has to offer - Avoid Common Pitfalls. Read the Whitepaper. http://pubads.g.doubleclick.net/gampad/clk?id=121051231&iu=/4140/ostg.clktrk_______________________________________________ mod-security-users mailing list mod...@li... https://lists.sourceforge.net/lists/listinfo/mod-security-users Commercial ModSecurity Rules and Support from Trustwave's SpiderLabs: http://www.modsecurity.org/projects/commercial/rules/ http://www.modsecurity.org/projects/commercial/support/ ________________________________ This transmission may contain information that is privileged, confidential, and/or exempt from disclosure under applicable law. If you are not the intended recipient, you are hereby notified that any disclosure, copying, distribution, or use of the information contained herein (including any reliance thereon) is strictly prohibited. If you received this transmission in error, please immediately contact the sender and destroy the material in its entirety, whether in electronic or hard copy format. |
10 messages has been excluded from this view by a project administrator.
