mod-security-developers Mailing List for ModSecurity (Page 6)

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 422-6466

Sorry, forgot to reply-all.

So, if all I have are rules associated with SecMarkers, then is it true
that I don't have any SecRules associated with Phase 0?  And, if this is
true, then what is the purpose of transaction::processConnection()? I am
trying to determine what this method actually does and whether I need to
invoke it for my use-case.

On Wed, Mar 7, 2018 at 2:26 PM, Felipe Costa <FC...@tr...> wrote:

> Hi Jai,
>
>
>
> In that specific case, those are the representation of SecMarkers.
>
>
>
> Br.,
>
> *Felipe “Zimmerle” Costa*
>
> Security Researcher, Lead Developer ModSecurity.
>
>
>
> *Trustwave* | SMART SECURITY ON DEMAND
>
> *www.trustwave.com <http://www.trustwave.com/>*
>
>
>
> *From: *Jai Harpalani <jai...@mu...>
> *Date: *Wednesday, March 7, 2018 at 12:16 PM
> *To: *Felipe Costa <FC...@tr...>
> *Cc: *"mod...@li..." <
> mod...@li...>
> *Subject: *Re: [Mod-security-developers] Question regarding transaction::
> processConnection()
>
>
>
> Using version 3.0.0 of libModSecurity.
>
>
>
> Below is output after each set of OWASP CRS rules are added. As you can
> see, some rules are added to Phase 0 after each CRS rule set is added. I am
> not sure what these rules do.
>
>
>
> what> modSecShowRules
>
> Rules:
>
> Phase: 0 (0 rules)
>
> Phase: 1 (0 rules)
>
> Phase: 2 (0 rules)
>
> Phase: 3 (0 rules)
>
> Phase: 4 (0 rules)
>
> Phase: 5 (0 rules)
>
> Phase: 6 (0 rules)
>
> Phase: 7 (0 rules)
>
> what> modSecAddRules -p /opt/esg/current/runtime/owasp-modsecurity-crs/
> modsecurity.conf
>
> what> modSecShowRules
>
> Rules:
>
> Phase: 0 (0 rules)
>
> Phase: 1 (0 rules)
>
> Phase: 2 (2 rules)
>
>     Rule ID: 200000--0x561d935fce20
>
>     Rule ID: 200001--0x561d935fd430
>
> Phase: 3 (4 rules)
>
>     Rule ID: 200002--0x561d935d0690
>
>     Rule ID: 200003--0x561d93642530
>
>     Rule ID: 200004--0x561d93642d60
>
>     Rule ID: 200005--0x561d935d6160
>
> Phase: 4 (0 rules)
>
> Phase: 5 (0 rules)
>
> Phase: 6 (0 rules)
>
> Phase: 7 (0 rules)
>
> what> modSecAddRules -p /opt/esg/current/runtime/
> owasp-modsecurity-crs/crs-setup.conf
>
> what> modSecShowRules
>
> Rules:
>
> Phase: 0 (0 rules)
>
> Phase: 1 (0 rules)
>
> Phase: 2 (4 rules)
>
>     Rule ID: 200000--0x561d935fce20
>
>     Rule ID: 200001--0x561d935fd430
>
>     Rule ID: 900950--0x561d935d62c0
>
>     Rule ID: 900990--0x561d935d66a0
>
> Phase: 3 (4 rules)
>
>     Rule ID: 200002--0x561d935d0690
>
>     Rule ID: 200003--0x561d93642530
>
>     Rule ID: 200004--0x561d93642d60
>
>     Rule ID: 200005--0x561d935d6160
>
> Phase: 4 (0 rules)
>
> Phase: 5 (0 rules)
>
> Phase: 6 (0 rules)
>
> Phase: 7 (0 rules)
>
> what> modSecAddRules -p /opt/esg/current/runtime/
> owasp-modsecurity-crs/rules/REQUEST-901-INITIALIZATION.conf
>
> what> modSecShowRules
>
> Rules:
>
> Phase: 0 (1 rules)
>
>     Rule ID: 0--0x561d92adf2a0
>
> Phase: 1 (1 rules)
>
>     Rule ID: 0--0x561d92adf3b0
>
> Phase: 2 (39 rules)
>
> (..)
>
> Phase: 3 (5 rules)
>
>     Rule ID: 200002--0x561d935d0690
>
>     Rule ID: 200003--0x561d93642530
>
>     Rule ID: 200004--0x561d93642d60
>
>     Rule ID: 200005--0x561d935d6160
>
>     Rule ID: 0--0x561d92adf5d0
>
> Phase: 4 (1 rules)
>
>     Rule ID: 0--0x561d92adf6e0
>
> Phase: 5 (1 rules)
>
>     Rule ID: 0--0x561d92adf7f0
>
> Phase: 6 (1 rules)
>
>     Rule ID: 0--0x561d92b7def0
>
> Phase: 7 (0 rules)
>
> what>
>
> what> modSecAddRules -p /opt/esg/current/runtime/
> owasp-modsecurity-crs/rules/REQUEST-913-SCANNER-DETECTION.conf
>
> what> modSecShowRules
>
> Rules:
>
> Phase: 0 (2 rules)
>
>     Rule ID: 0--0x561d92adf2a0
>
>     Rule ID: 0--0x561d93599630
>
> Phase: 1 (2 rules)
>
>     Rule ID: 0--0x561d92adf3b0
>
>     Rule ID: 0--0x561d93599760
>
> Phase: 2 (49 rules)
>
> (..)
>
>     Rule ID: 0--0x561d93599da0
>
> Phase: 7 (0 rules)
>
> what> modSecAddRules -p /opt/esg/current/runtime/
> owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf
>
> what> modSecShowRules
>
> Rules:
>
> Phase: 0 (4 rules)
>
>     Rule ID: 0--0x561d92adf2a0
>
>     Rule ID: 0--0x561d93599630
>
>     Rule ID: 0--0x561d935bc6b0
>
>     Rule ID: 0--0x561d92dface0
>
> Phase: 1 (4 rules)
>
>     Rule ID: 0--0x561d92adf3b0
>
>     Rule ID: 0--0x561d93599760
>
> (…)
>

2006	Jan (1)	Feb	Mar	Apr	May	Jun	Jul (8)	Aug (2)	Sep (1)	Oct	Nov (1)	Dec
2008	Jan	Feb	Mar	Apr	May	Jun (1)	Jul	Aug	Sep	Oct	Nov	Dec
2009	Jan (1)	Feb	Mar	Apr	May	Jun	Jul	Aug (9)	Sep	Oct (1)	Nov	Dec (3)
2010	Jan	Feb	Mar	Apr	May	Jun	Jul (2)	Aug	Sep	Oct	Nov	Dec
2011	Jan	Feb (12)	Mar (42)	Apr (68)	May (30)	Jun (50)	Jul (17)	Aug (3)	Sep (5)	Oct (7)	Nov (3)	Dec (4)
2012	Jan (11)	Feb (11)	Mar (37)	Apr	May (21)	Jun (21)	Jul (12)	Aug (41)	Sep (19)	Oct (31)	Nov (24)	Dec (10)
2013	Jan (12)	Feb (18)	Mar (3)	Apr (8)	May (35)	Jun (5)	Jul (38)	Aug (5)	Sep (2)	Oct (4)	Nov (11)	Dec (6)
2014	Jan (3)	Feb (12)	Mar (11)	Apr (18)	May (2)	Jun (1)	Jul (11)	Aug (5)	Sep	Oct (15)	Nov (13)	Dec (9)
2015	Jan (2)	Feb (8)	Mar (7)	Apr (3)	May	Jun (1)	Jul (1)	Aug (1)	Sep (11)	Oct (14)	Nov (4)	Dec (1)
2016	Jan (11)	Feb (19)	Mar (20)	Apr (6)	May (3)	Jun (17)	Jul (5)	Aug	Sep (7)	Oct (2)	Nov (2)	Dec (12)
2017	Jan (4)	Feb (1)	Mar (1)	Apr	May	Jun	Jul (1)	Aug	Sep (3)	Oct (1)	Nov	Dec (15)
2018	Jan (13)	Feb (2)	Mar (14)	Apr (9)	May	Jun (6)	Jul (3)	Aug (1)	Sep (3)	Oct	Nov (13)	Dec (1)
2019	Jan (2)	Feb (9)	Mar (28)	Apr (4)	May (2)	Jun	Jul	Aug	Sep (4)	Oct	Nov	Dec (2)
2020	Jan (1)	Feb	Mar	Apr	May	Jun	Jul	Aug	Sep (1)	Oct	Nov	Dec
2021	Jan	Feb	Mar	Apr	May	Jun (2)	Jul (3)	Aug	Sep (4)	Oct	Nov	Dec
2022	Jan	Feb (10)	Mar (3)	Apr	May	Jun	Jul	Aug	Sep	Oct	Nov	Dec
2024	Jan (1)	Feb	Mar	Apr	May	Jun	Jul (4)	Aug	Sep	Oct	Nov	Dec

mod-security-developers Mailing List for ModSecurity (Page 6)

mod-security-developers — Development discussion about mod_security