mod-security-developers Mailing List for ModSecurity (Page 38)
From: Breno S. P. (JIRA) <no...@mo...> - 2011-04-27 21:05:45
[ https://www.modsecurity.org/tracker/browse/MODSEC-239?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Breno Silva Pinto resolved MODSEC-239.
--------------------------------------

Resolution: Not a Bug

> sanitiseMatchedBytes does not work
> ----------------------------------
>
> Key: MODSEC-239
> URL: https://www.modsecurity.org/tracker/browse/MODSEC-239
> Project: ModSecurity
> Issue Type: Bug
> Security Level: Normal
> Components: Logging
> Affects Versions: 2.6.0
> Reporter: Ivan Ristic
> Assignee: Breno Silva Pinto
>
> It seems that sanitiseMatchedBytes now simply points to sanitiseMatched. Variables are fully sanitized, no matter which part matched.

--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: https://www.modsecurity.org/tracker/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
From: Breno S. <bre...@gm...> - 2011-04-27 16:27:54
Applied

Thanks!

On Tue, Apr 26, 2011 at 3:53 PM, Diego Elio Pettenò <fla...@gm...> wrote:

>
> Data symbols and functions that are only used within their translation
> units are marked static; those that are not used across the whole sources
> have been removed.
>
> Also remove causes of -Wunused warnings.
> ---
> apache2/acmp.c | 208
> -----------------------------------------------
> apache2/apache2.h | 6 --
> apache2/apache2_util.c | 11 +---
> apache2/mod_security2.c | 8 +--
> apache2/modsecurity.h | 1 -
> apache2/msc_geo.c | 15 +---
> apache2/msc_geo.h | 2 -
> apache2/msc_logging.c | 49 +-----------
> apache2/msc_logging.h | 2 -
> apache2/msc_pcre.c | 2 +-
> apache2/msc_pcre.h | 2 -
> apache2/msc_util.c | 19 +++--
> apache2/msc_util.h | 11 ---
> apache2/re.c | 42 ++++------
> apache2/re.h | 26 +------
> apache2/re_actions.c | 2 +
> apache2/re_operators.c | 2 +-
> apache2/re_variables.c | 2 +-
> 18 files changed, 42 insertions(+), 368 deletions(-)
>
> ------------------------------------------------------------------------------
> WhatsUp Gold - Download Free Network Management Software
> The most intuitive, comprehensive, and cost-effective network
> management toolset available today. Delivers lowest initial
> acquisition cost and overall TCO of any competing solution.
> http://p.sf.net/sfu/whatsupgold-sd
> _______________________________________________
> mod-security-developers mailing list
> mod...@li...
> https://lists.sourceforge.net/lists/listinfo/mod-security-developers
> ModSecurity Services from Trustwave's SpiderLabs:
> https://www.trustwave.com/spiderLabs.php
From: Breno S. <bre...@gm...> - 2011-04-27 16:27:36
Applied

Thanks!

On Tue, Apr 26, 2011 at 4:21 PM, Breno Silva <bre...@gm...> wrote:

> Right ... I will apply and send for Andreas (a user that helps me with
> Solaris build)
>
> On Tue, Apr 26, 2011 at 4:18 PM, Diego Elio Pettenò <fla...@gm...> wrote:
>
>> On Tue, 26/04/2011 at 16.12 -0500, Breno Silva wrote:
>> > I just don't know if it can cause problems in other
>> > compilers/platforms.
>>
>> I've been doing similar changes to other software for years now, I don't
>> foresee any problem (surely not with SunCC/ICC).
>>
>> See
>>
>> http://blog.flameeyes.eu/2007/12/19/array-of-pointers-and-array-of-arrays
>> http://blog.flameeyes.eu/2008/01/01/some-more-about-arrays-of-strings
>> http://blog.flameeyes.eu/2008/01/13/introducing-cowstats
>>
>> --
>> Diego Elio Pettenò — Flameeyes
>> http://blog.flameeyes.eu/
From: Breno S. P. (JIRA) <no...@mo...> - 2011-04-27 16:24:47
[ https://www.modsecurity.org/tracker/browse/MODSEC-237?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Breno Silva Pinto resolved MODSEC-237.
--------------------------------------

Resolution: Fixed

Now we have:

[Wed Apr 27 09:22:49 2011] [error] [client 192.168.0.100] ModSecurity: ipMatch Internal Error: Invalid ip address. [hostname "192.168.0.103"] [uri "/images/logo.gif"] [unique_id "TbhC2cCoAGUAAHfbCjMAAAEs"]

> When a rule fails, there is no indication in the log about the problem
> ----------------------------------------------------------------------
>
> Key: MODSEC-237
> URL: https://www.modsecurity.org/tracker/browse/MODSEC-237
> Project: ModSecurity
> Issue Type: Bug
> Security Level: Normal
> Components: Logging
> Affects Versions: 2.6.0
> Reporter: Ivan Ristic
> Assignee: Breno Silva Pinto
> Fix For: 2.6.0
>
> When a rule fails, there is no indication in the log about the problem, nor is there any way to identify which rule failed.
> Try with this:
> SecRule REQUEST_URI "@ipMatch 192.168.1.1"
From: Breno S. P. (JIRA) <no...@mo...> - 2011-04-27 16:22:52
[ https://www.modsecurity.org/tracker/browse/MODSEC-235?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Breno Silva Pinto resolved MODSEC-235.
--------------------------------------

Resolution: Fixed

Now we have (audit log):

--6dc1c311-K--
Rule [Match]: SecRule "REMOTE_ADDR" "@ipMatch 192.168.0.1/24,192.168.1.5,192.168.1.10" "phase:2,log,auditlog,pass"

Debug log:

[27/Apr/2011:09:20:06 --0700] [192.168.0.103/sid#21f68f78][rid#21f79660][/index.html][5] Rule 21f665c0: SecRule "REMOTE_ADDR" "@ipMatch 192.168.0.1/24,192.168.1.5,192.168.1.10" "phase:2,log,auditlog,pass"
[27/Apr/2011:09:20:06 --0700] [192.168.0.103/sid#21f68f78][rid#21f79660][/index.html][4] Transformation completed in 2 usec.
[27/Apr/2011:09:20:06 --0700] [192.168.0.103/sid#21f68f78][rid#21f79660][/index.html][4] Executing operator "ipMatch" with param "192.168.0.1/24,192.168.1.5,192.168.1.10" against REMOTE_ADDR.
[27/Apr/2011:09:20:06 --0700] [192.168.0.103/sid#21f68f78][rid#21f79660][/index.html][9] Target value: "192.168.0.100"
[27/Apr/2011:09:20:06 --0700] [192.168.0.103/sid#21f68f78][rid#21f79660][/index.html][4] Operator completed in 65 usec.
[27/Apr/2011:09:20:06 --0700] [192.168.0.103/sid#21f68f78][rid#21f79660][/index.html][2] Warning. IPmatch "192.168.0.100" matched "192.168.0.1/24" at REMOTE_ADDR. [file "/etc/apache2/modsecurity/modsecurity_crs_15_customrules.conf"] [line "118"]
[27/Apr/2011:09:20:06 --0700] [192.168.0.103/sid#21f68f78][rid#21f79660][/index.html][4] Rule returned 1.

> @ipMatch with multiple parameters not logged correctly
> ------------------------------------------------------
>
> Key: MODSEC-235
> URL: https://www.modsecurity.org/tracker/browse/MODSEC-235
> Project: ModSecurity
> Issue Type: Bug
> Security Level: Normal
> Components: Logging
> Affects Versions: 2.6.0
> Reporter: Ivan Ristic
> Assignee: Breno Silva Pinto
> Fix For: 2.6.0
>
> When a rule uses @ipMatch with multiple parameters, only the first parameter is recorded in logs.
> For example:
> SecRule REMOTE_ADDR "@ipMatch 192.168.1.1,192.168.1.5,192.168.1.10"
> results with:
> SecRule REMOTE_ADDR "@ipMatch 192.168.1.1"
> in the audit log. Same in the debug log.
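The behaviour reported in MODSEC-235 and MODSEC-237, modelled as an added example that is not ModSecurity's own code: a multi-entry `@ipMatch` parameter is matched entry by entry, the full parameter stays in the log message, and a target that is not an IP address produces an error rather than a silent non-match. The function names and the message layout are assumptions made for illustration; the addresses come from the rules and log lines quoted above.

```python
import ipaddress

# Parameter taken from the rule quoted in the MODSEC-235 resolution.
RULE_PARAM = "192.168.0.1/24,192.168.1.5,192.168.1.10"


class IpMatchError(ValueError):
    """The operator could not run: bad parameter entry or bad target."""


def parse_param(param):
    """Split an @ipMatch parameter into (entry_text, network) pairs."""
    entries = []
    for raw in param.split(","):
        text = raw.strip()
        try:
            # strict=False tolerates host bits in the prefix, which the
            # rule on this page uses (192.168.0.1/24).
            entries.append((text, ipaddress.ip_network(text, strict=False)))
        except ValueError:
            raise IpMatchError("invalid parameter entry %r" % text) from None
    return entries


def ip_match(target, param):
    """Return the parameter entry that contains target, else None."""
    entries = parse_param(param)
    try:
        addr = ipaddress.ip_address(target)
    except ValueError:
        # MODSEC-237: a non-address target (such as REQUEST_URI) is an
        # error that must be reported, not a silent "no match".
        raise IpMatchError("Invalid ip address") from None
    for text, net in entries:
        if addr.version == net.version and addr in net:
            return text
    return None


def evaluate(variable, target, param):
    """Return (status, message); the message keeps the whole parameter."""
    try:
        hit = ip_match(target, param)
    except IpMatchError as exc:
        return "error", 'ipMatch Internal Error: %s. [%s "%s"]' % (
            exc, variable, target)
    if hit is None:
        return "no-match", '@ipMatch %s did not match "%s" at %s' % (
            param, target, variable)
    return "match", 'IPmatch "%s" matched "%s" at %s. [param "%s"]' % (
        target, hit, variable, param)


if __name__ == "__main__":
    # Targets below are the values that appear in the quoted logs.
    print(evaluate("REMOTE_ADDR", "192.168.0.100", RULE_PARAM))
    print(evaluate("REQUEST_URI", "/images/logo.gif", "192.168.1.1"))
```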
From: Breno S. P. (JIRA) <no...@mo...> - 2011-04-27 16:20:47
[ https://www.modsecurity.org/tracker/browse/MODSEC-234?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Breno Silva Pinto resolved MODSEC-234.
--------------------------------------

Resolution: Fixed

Now we have:

--480c9277-J--
1,15469,"cisco_4_dat","<Unknown ContentType>"
Total,15469

> The format of part J is difficult to parse
> ------------------------------------------
>
> Key: MODSEC-234
> URL: https://www.modsecurity.org/tracker/browse/MODSEC-234
> Project: ModSecurity
> Issue Type: Improvement
> Security Level: Normal
> Components: Logging
> Affects Versions: 2.6.0
> Reporter: Ivan Ristic
> Assignee: Breno Silva Pinto
> Fix For: 2.6.0
>
> The format of part J is difficult for tools to consume programmatically. Why not, for example, use CSV as format for this part. For example, a request containing two files could be represented with:
> 2,100,"image1.jpg","image/jpeg"
> 3,100,"image2.jpg","image/jpeg"
> Total,200
> By the way, I think the current code uses 0 for the first form element, which is not obvious to non-programmers. Even I expected 1 to be used for the first element.
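A strict consumer for the CSV form of part J shown in the resolution above, as an added example that is not part of ModSecurity or of the original message. It assumes standard CSV quoting for the file name and content type (the page does not specify escaping), and the sample entry is constructed from the part J lines on this page plus a constructed closing `Z` boundary. The file name is client-supplied, so malformed rows and a `Total` that disagrees with the per-file sizes are rejected.

```python
import csv
import io
import re

BOUNDARY = re.compile(r"^--([0-9a-fA-F]+)-([A-Z])--$")
NUMBER = re.compile(r"[0-9]+")

# Constructed sample: part J as shown in MODSEC-234, closed by a Z boundary.
SAMPLE_ENTRY = """--480c9277-J--
1,15469,"cisco_4_dat","<Unknown ContentType>"
Total,15469
--480c9277-Z--
"""


class PartJError(ValueError):
    """Part J is missing, malformed, or internally inconsistent."""


def extract_part(entry, letter):
    """Return the text between the boundary for `letter` and the next one."""
    lines, inside = [], False
    for line in entry.splitlines():
        boundary = BOUNDARY.match(line.strip())
        if boundary:
            if inside:
                break
            inside = boundary.group(2) == letter
            continue
        if inside:
            lines.append(line)
    return "\n".join(lines)


def parse_part_j(text):
    """Parse part J rows into (files, total); raise PartJError if invalid."""
    files, total = [], None
    for rowno, row in enumerate(csv.reader(io.StringIO(text)), 1):
        if not row:
            continue
        if total is not None:
            raise PartJError("row %d: data after Total" % rowno)
        if row[0] == "Total":
            if len(row) != 2 or not NUMBER.fullmatch(row[1]):
                raise PartJError("row %d: malformed Total" % rowno)
            total = int(row[1])
            continue
        if (len(row) != 4 or not NUMBER.fullmatch(row[0])
                or not NUMBER.fullmatch(row[1])):
            raise PartJError("row %d: malformed file record" % rowno)
        files.append({"index": int(row[0]), "size": int(row[1]),
                      "name": row[2], "content_type": row[3]})
    if total is None:
        raise PartJError("missing Total row")
    if total != sum(f["size"] for f in files):
        raise PartJError("Total does not equal the sum of file sizes")
    return files, total


if __name__ == "__main__":
    print(parse_part_j(extract_part(SAMPLE_ENTRY, "J")))
```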
From: Breno S. P. (JIRA) <no...@mo...> - 2011-04-27 16:18:47
[ https://www.modsecurity.org/tracker/browse/MODSEC-236?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Breno Silva Pinto resolved MODSEC-236.
--------------------------------------

Resolution: Fixed

Now we have in error log:

[Wed Apr 27 09:16:59 2011] [error] [client 192.168.0.100] ModSecurity: GSB lookup failed without a database. Set SecGsbLookupDB. [hostname "192.168.0.103"] [uri "/images/logo.gif"] [unique_id "TbhBe8CoAGUAAHXZDVYAAAEs"]

> gsbLookup silently fails when SecGsbLookupDb was not used previously
> --------------------------------------------------------------------
>
> Key: MODSEC-236
> URL: https://www.modsecurity.org/tracker/browse/MODSEC-236
> Project: ModSecurity
> Issue Type: Bug
> Security Level: Normal
> Components: Core
> Affects Versions: 2.6.0
> Reporter: Ivan Ristic
> Assignee: Breno Silva Pinto
> Fix For: 2.6.0
>
> gsbLookup silently fails when SecGsbLookupDb was not used previously. The operator should fail and there should be a warning message in the logs.
From: Breno S. <bre...@gm...> - 2011-04-26 21:22:04
Right ... I will apply and send for Andreas (a user that helps me with Solaris build)

On Tue, Apr 26, 2011 at 4:18 PM, Diego Elio Pettenò <fla...@gm...> wrote:

> On Tue, 26/04/2011 at 16.12 -0500, Breno Silva wrote:
> > I just don't know if it can cause problems in other
> > compilers/platforms.
>
> I've been doing similar changes to other software for years now, I don't
> foresee any problem (surely not with SunCC/ICC).
>
> See
>
> http://blog.flameeyes.eu/2007/12/19/array-of-pointers-and-array-of-arrays
> http://blog.flameeyes.eu/2008/01/01/some-more-about-arrays-of-strings
> http://blog.flameeyes.eu/2008/01/13/introducing-cowstats
>
> --
> Diego Elio Pettenò — Flameeyes
> http://blog.flameeyes.eu/
From: Diego E. P. <fla...@gm...> - 2011-04-26 21:18:52
On Tue, 26/04/2011 at 16.12 -0500, Breno Silva wrote:
> I just don't know if it can cause problems in other
> compilers/platforms.

I've been doing similar changes to other software for years now, I don't foresee any problem (surely not with SunCC/ICC).

See

http://blog.flameeyes.eu/2007/12/19/array-of-pointers-and-array-of-arrays
http://blog.flameeyes.eu/2008/01/01/some-more-about-arrays-of-strings
http://blog.flameeyes.eu/2008/01/13/introducing-cowstats

--
Diego Elio Pettenò — Flameeyes
http://blog.flameeyes.eu/
From: Diego E. P. <fla...@gm...> - 2011-04-26 21:17:08
On Tue, 26/04/2011 at 16.14 -0500, Breno Silva wrote:
> Good, but I don't know if we need these optimizations here. Please let
> me know your main reasons for this

You still gain in having less content in the writeable area of the module, which is never a bad thing, especially when the operating system is able to enforce it, and especially with Apache where multi-process setups are common (the .rodata areas are entirely shared).

--
Diego Elio Pettenò — Flameeyes
http://blog.flameeyes.eu/
From: Breno S. <bre...@gm...> - 2011-04-26 21:14:48
Good, but I don't know if we need these optimizations here. Please let me know your main reasons for this.

Thanks

Breno

On Tue, Apr 26, 2011 at 3:53 PM, Diego Elio Pettenò <fla...@gm...> wrote:

>
> Rather than using a public structure, use an anonymous one.
>
> Also make the string a 12-bytes array of characters, rather than a pointer,
> so that the content is inlined. 12 bytes make it possible for the single
> structure to always be aligned at 16 bytes, which allows a faster access by
> index.
> ---
> apache2/msc_release.c | 12 +++++++-----
> apache2/msc_release.h | 6 ------
> 2 files changed, 7 insertions(+), 11 deletions(-)
From: Breno S. <bre...@gm...> - 2011-04-26 21:12:53
I just don't know if it can cause problems in other compilers/platforms. Did you test it?

Thanks

Breno

On Tue, Apr 26, 2011 at 3:53 PM, Diego Elio Pettenò <fla...@gm...> wrote:

>
> This allows the data to be added to .rodata (non-PIC) or .data.rel.ro
> (PIC).
> ---
> apache2/mod_security2.c | 10 +++++-----
> 1 files changed, 5 insertions(+), 5 deletions(-)
From: Breno S. <bre...@gm...> - 2011-04-26 21:10:59
Applied

Thanks

On Tue, Apr 26, 2011 at 3:53 PM, Diego Elio Pettenò <fla...@gm...> wrote:

> ---
> apache2/re_variables.c | 2 --
> 1 files changed, 0 insertions(+), 2 deletions(-)
From: Breno S. <bre...@gm...> - 2011-04-26 21:10:47
Applied

Thanks

On Tue, Apr 26, 2011 at 3:53 PM, Diego Elio Pettenò <fla...@gm...> wrote:

> ---
> build/find_pcre.m4 | 2 --
> build/find_xml.m4 | 2 --
> 2 files changed, 0 insertions(+), 4 deletions(-)
From: Diego E. P. <fla...@gm...> - 2011-04-26 20:54:04
Data symbols and functions that are only used within their translation units are marked static; those that are not used across the whole sources have been removed.

Also remove causes of -Wunused warnings.
---
apache2/acmp.c | 208 -----------------------------------------------
apache2/apache2.h | 6 --
apache2/apache2_util.c | 11 +---
apache2/mod_security2.c | 8 +--
apache2/modsecurity.h | 1 -
apache2/msc_geo.c | 15 +---
apache2/msc_geo.h | 2 -
apache2/msc_logging.c | 49 +-----------
apache2/msc_logging.h | 2 -
apache2/msc_pcre.c | 2 +-
apache2/msc_pcre.h | 2 -
apache2/msc_util.c | 19 +++--
apache2/msc_util.h | 11 ---
apache2/re.c | 42 ++++------
apache2/re.h | 26 +------
apache2/re_actions.c | 2 +
apache2/re_operators.c | 2 +-
apache2/re_variables.c | 2 +-
18 files changed, 42 insertions(+), 368 deletions(-)
From: Diego E. P. <fla...@gm...> - 2011-04-26 20:53:59
---
apache2/re_variables.c | 2 --
1 files changed, 0 insertions(+), 2 deletions(-)
From: Diego E. P. <fla...@gm...> - 2011-04-26 20:53:55
---
build/find_pcre.m4 | 2 --
build/find_xml.m4 | 2 --
2 files changed, 0 insertions(+), 4 deletions(-)
From: Diego E. P. <fla...@gm...> - 2011-04-26 20:53:54
Rather than using a public structure, use an anonymous one.

Also make the string a 12-bytes array of characters, rather than a pointer, so that the content is inlined. 12 bytes make it possible for the single structure to always be aligned at 16 bytes, which allows a faster access by index.
---
apache2/msc_release.c | 12 +++++++-----
apache2/msc_release.h | 6 ------
2 files changed, 7 insertions(+), 11 deletions(-)
From: Diego E. P. <fla...@gm...> - 2011-04-26 20:53:52
This allows the data to be added to .rodata (non-PIC) or .data.rel.ro (PIC).
---
apache2/mod_security2.c | 10 +++++-----
1 files changed, 5 insertions(+), 5 deletions(-)
From: Abdullah, A. <Ayu...@tt...> - 2011-04-26 15:24:47
Yes, I posted the message and I received the following highlighted email which has nothing to do with the issue that I am having:

-----Original Message-----
From: Breno Silva Pinto (JIRA) [mailto:no...@mo...]
Sent: Monday, April 25, 2011 3:09 PM
To: mod...@li...
Subject: [Mod-security-developers] [JIRA] Resolved: (MODSEC-233) decodeBase64Ext does not follow naming convention

[ https://www.modsecurity.org/tracker/browse/MODSEC-233?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Breno Silva Pinto resolved MODSEC-233.
--------------------------------------

Resolution: Fixed

Yes. It was already fixed for rc2.

Thanks

> decodeBase64Ext does not follow naming convention
> -------------------------------------------------
>
> Key: MODSEC-233
> URL: https://www.modsecurity.org/tracker/browse/MODSEC-233
> Project: ModSecurity
> Issue Type: Improvement
> Security Level: Normal
> Reporter: Ivan Ristic
> Assignee: Breno Silva Pinto
> Fix For: 2.6.0
>
> The name of the decodeBase64Ext transformation function does not follow the naming convention. The names of all other transformation functions end with "Decode", including the previously-existing base64Decode. decodeBase64Ext should be called base64DecodeExt.

-----Original Message-----
From: Ryan Barnett [mailto:RBa...@tr...]
Sent: Monday, April 25, 2011 5:35 PM
To: mod...@li...
Subject: Re: [Mod-security-developers] Configuring Denial of Service Attack Detection

Please sign up and post this message to the main mod-security-users list - http://lists.sourceforge.net/lists/listinfo/mod-security-users

--
Ryan Barnett
Senior Security Researcher
Trustwave - SpiderLabs

From: "Abdullah, Ayub" <Ayu...@tt...<mailto:Ayu...@tt...>>
Reply-To: "mod...@li...<mailto:mod...@li...>" <mod...@li...<mailto:mod...@li...>>
Date: Mon, 25 Apr 2011 09:20:50 -0500
To: "mod...@li...<mailto:mod...@li...>" <mod...@li...<mailto:mod...@li...>>
Subject: [Mod-security-developers] Configuring Denial of Service Attack Detection

Good Morning,

We are currently using Mod_security 2.5.13 /CRS 2.10 in our environment and we were under the impression that Denial of service attacks was a newly added feature that allows this functionality. Well we have been running into all sorts of problems getting this set up correctly. At the moment we have enabled xforwarding for on our proxy servers which gives us the ability to identify offending IPs that are attacking us. We would like to defend against these denial of service attacks using mod_security and the httpd-guardian tool.

From what I have read and assuming httpdguardian is already configured, we only need to add one line to the Apache configuration to deploy it:

SecGuardianLog |/path/to/httpd-guardian

When I insert the above line it blocks all IPs to the site. How do I configure this to blacklist just the offending IP?

Thanks,
Ayub

________________________________
This transmission may contain information that is privileged, confidential, and/or exempt from disclosure under applicable law. If you are not the intended recipient, you are hereby notified that any disclosure, copying, distribution, or use of the information contained herein (including any reliance thereon) is STRICTLY PROHIBITED. If you received this transmission in error, please immediately contact the sender and destroy the material in its entirety, whether in electronic or hard copy format.
From: Ryan B. <RBa...@tr...> - 2011-04-25 21:34:58
Please sign up and post this message to the main mod-security-users list - http://lists.sourceforge.net/lists/listinfo/mod-security-users

--
Ryan Barnett
Senior Security Researcher
Trustwave – SpiderLabs

From: "Abdullah, Ayub" <Ayu...@tt...<mailto:Ayu...@tt...>>
Reply-To: "mod...@li...<mailto:mod...@li...>" <mod...@li...<mailto:mod...@li...>>
Date: Mon, 25 Apr 2011 09:20:50 -0500
To: "mod...@li...<mailto:mod...@li...>" <mod...@li...<mailto:mod...@li...>>
Subject: [Mod-security-developers] Configuring Denial of Service Attack Detection

Good Morning,

We are currently using Mod_security 2.5.13 /CRS 2.10 in our environment and we were under the impression that Denial of service attacks was a newly added feature that allows this functionality. Well we have been running into all sorts of problems getting this set up correctly. At the moment we have enabled xforwarding for on our proxy servers which gives us the ability to identify offending IPs that are attacking us. We would like to defend against these denial of service attacks using mod_security and the httpd-guardian tool.

From what I have read and assuming httpdguardian is already configured, we only need to add one line to the Apache configuration to deploy it:

SecGuardianLog |/path/to/httpd-guardian

When I insert the above line it blocks all IPs to the site. How do I configure this to blacklist just the offending IP?

Thanks,
Ayub
From: Ivan R. (JIRA) <tr...@mo...> - 2011-04-25 20:43:00
[ https://www.modsecurity.org/tracker/browse/MODPROF-1?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Ivan Ristic resolved MODPROF-1.
-------------------------------

Resolution: Won't Fix

> Implement resource behaviour detection
> --------------------------------------
>
> Key: MODPROF-1
> URL: https://www.modsecurity.org/tracker/browse/MODPROF-1
> Project: ModProfiler
> Issue Type: New Feature
> Security Level: Normal
> Reporter: Ivan Ristic
> Assignee: Breno Silva Pinto
> Fix For: 0.3.0
>
> Implement resource behaviour detection as discussed in the whitepaper.
From: Ivan R. (JIRA) <tr...@mo...> - 2011-04-25 20:40:58
[ https://www.modsecurity.org/tracker/browse/MODPROF-2?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Ivan Ristic resolved MODPROF-2.
-------------------------------

Resolution: Won't Fix

> Implement support for dynamic URLs
> ----------------------------------
>
> Key: MODPROF-2
> URL: https://www.modsecurity.org/tracker/browse/MODPROF-2
> Project: ModProfiler
> Issue Type: New Feature
> Security Level: Normal
> Reporter: Ivan Ristic
> Assignee: Breno Silva Pinto
> Fix For: 0.3.0
>
> Support for dynamic URLs will result in two improvements:
> 1. It will allow us to extract the parameters embedded in such URLs
> 2. It will allow us to create a better model after removing such variable data from URLs
From: Breno S. P. (JIRA) <no...@mo...> - 2011-04-25 20:03:00
[ https://www.modsecurity.org/tracker/browse/MODSEC-231?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Breno Silva Pinto resolved MODSEC-231.
--------------------------------------

Resolution: Fixed

Fixed.

> Incorrect logging (and possibly behaviour) when using MATCHED_VARS
> ------------------------------------------------------------------
>
> Key: MODSEC-231
> URL: https://www.modsecurity.org/tracker/browse/MODSEC-231
> Project: ModSecurity
> Issue Type: Bug
> Security Level: Normal
> Affects Versions: 2.6.0
> Reporter: Ivan Ristic
> Assignee: Breno Silva Pinto
> Fix For: 2.6.0
>
> For this rule:
> SecRule ARGS "xxx" chain,phase:1,log,pass
> SecRule MATCHED_VARS "yyy" chain
> SecRule MATCHED_VARS "zzz"
> The debug log output is:
> Recipe: Invoking rule 10302ed40; [file "/Users/ivanr/local/httpd/conf/m.conf"] [line "26"].
> Rule 10302ed40: SecRule "MATCHED_VARS" "@rx yyy" "chain"
> Set variable "MATCHED_VARS:a" value "xxxyyy" size 6 to collection.
> Set variable "MATCHED_VARS:b" value "xxxyyy" size 6 to collection.
> Expanded "MATCHED_VARS" to "MATCHED_VARS:a|MATCHED_VARS:b".
> Transformation completed in 1 usec.
> Executing operator "rx" with param "yyy" against MATCHED_VARS:a.
> Target value: "xxxyyy"
> Operator completed in 3 usec.
> Transformation completed in 1 usec.
> Executing operator "rx" with param "yyy" against &MATCHED_VARS:b.
> Notice above the message says against &MATCHED_VARS:b, but why is the & there?