Thread: [Mod-security-developers] API Usage and Descriptions?
Brought to you by:
victorhora,
zimmerletw
Menu
▾
▴
mod-security-developers
|
From: Jai H. <jai...@mu...> - 2017-12-20 18:17:33
|
I have an application which already retrieves requests and responses from "the wire". I'm trying to add modSecurity to check the requests/responses for WAF errors using: msc_process_request_headers(); msc_process_request_body(); msc_process_response_headers(); msc_process_response_body(); I don't want WAF to necessarily take any action, just inform the caller if any problems were found. If this is possible, how is it done? Also, not sure what the purpose of the below APIs is for my specific application. msc_new_transaction(); msc_process_connection(t); msc_process_uri(); I was not able to locate a description of the above APIs. If detailed descriptions exist, please let me know where they are located. Thanks. |
|
From: Felipe C. <FC...@tr...> - 2017-12-22 14:24:53
|
Hi Jai, The idea is to have a transaction for each HTTP request. So, msc_new_transaction() should be called every time that a new connection is established. In additional to the ModSecurity v2.x phases, ModSecurity v3 can also process rules for this additional URI phase. That is after you got the connection details and before you get the client headers. You can find more details about how to implement a connector in the Transaction code: - https://github.com/SpiderLabs/ModSecurity/blob/v3/master/src/transaction.cc You may also want to generate the doxygen docs: $ cd doc ; doxygen doxygen.cfg Notice that there is no phase on SecRules to hit the uri processing. At least not yet. We are aiming to support in upcoming versions. Br., Felipe “Zimmerle” Costa Security Researcher, Lead Developer ModSecurity. Trustwave | SMART SECURITY ON DEMAND www.trustwave.com<http://www.trustwave.com/> ________________________________ From: Jai Harpalani <jai...@mu...> Sent: Wednesday, December 20, 2017 3:52:27 PM To: mod...@li... Subject: [Mod-security-developers] API Usage and Descriptions? I have an application which already retrieves requests and responses from "the wire". I'm trying to add modSecurity to check the requests/responses for WAF errors using: msc_process_request_headers(); msc_process_request_body(); msc_process_response_headers(); msc_process_response_body(); I don't want WAF to necessarily take any action, just inform the caller if any problems were found. If this is possible, how is it done? Also, not sure what the purpose of the below APIs is for my specific application. msc_new_transaction(); msc_process_connection(t); msc_process_uri(); I was not able to locate a description of the above APIs. If detailed descriptions exist, please let me know where they are located. Thanks. |
|
From: Jai H. <jai...@mu...> - 2017-12-28 19:50:22
|
Felipe, Thanks for the information. I will most likely have more questions as I continue working on this. Thanks, Jai On Fri, Dec 22, 2017 at 8:24 AM, Felipe Costa <FC...@tr...> wrote: > Hi Jai, > > > The idea is to have a transaction for each HTTP request. So, > msc_new_transaction() should be called every time that a new connection is > established. In additional to the ModSecurity v2.x phases, ModSecurity v3 > can also process rules for this additional URI phase. That is after you got > the connection details and before you get the client headers. > > > You can find more details about how to implement a connector in the > Transaction code: > > - https://github.com/SpiderLabs/ModSecurity/blob/ > v3/master/src/transaction.cc > > You may also want to generate the doxygen docs: > $ cd doc ; doxygen doxygen.cfg > > > > Notice that there is no phase on SecRules to hit the uri processing. At > least not yet. We are aiming to support in upcoming versions. > > > > Br., > > *Felipe **“**Zimmerle” Costa * > > Security Researcher, Lead Developer ModSecurity. > > > > *Trustwave* | SMART SECURITY ON DEMAND > > www.trustwave.com > > > ------------------------------ > *From:* Jai Harpalani <jai...@mu...> > *Sent:* Wednesday, December 20, 2017 3:52:27 PM > *To:* mod...@li... > *Subject:* [Mod-security-developers] API Usage and Descriptions? > > > I have an application which already retrieves requests and responses from > "the wire". I'm trying to add modSecurity to check the requests/responses > for WAF errors using: > > msc_process_request_headers(); > msc_process_request_body(); > msc_process_response_headers(); > msc_process_response_body(); > > I don't want WAF to necessarily take any action, just inform the caller if > any problems were found. If this is possible, how is it done? > > Also, not sure what the purpose of the below APIs is for my specific > application. > > msc_new_transaction(); > msc_process_connection(t); > msc_process_uri(); > > I was not able to locate a description of the above APIs. If detailed > descriptions exist, please let me know where they are located. > > Thanks. > > ------------------------------------------------------------ > ------------------ > Check out the vibrant tech community on one of the world's most > engaging tech sites, Slashdot.org! http://sdm.link/slashdot > _______________________________________________ > mod-security-developers mailing list > mod...@li... > https://lists.sourceforge.net/lists/listinfo/mod-security-developers > ModSecurity Services from Trustwave's SpiderLabs: > https://www.trustwave.com/spiderLabs.php > |
|
From: Jai H. <jai...@mu...> - 2018-01-02 17:50:08
|
Does mod security use historical information when it applies rules? For example, does mod security know and use information about prior http requests when applying rules to the current one? On Thu, Dec 28, 2017 at 1:21 PM, Jai Harpalani <jai...@mu...> wrote: > Felipe, > > Thanks for the information. I will most likely have more questions as I > continue working on this. > > Thanks, > Jai > > On Fri, Dec 22, 2017 at 8:24 AM, Felipe Costa <FC...@tr...> > wrote: > >> Hi Jai, >> >> >> The idea is to have a transaction for each HTTP request. So, >> msc_new_transaction() should be called every time that a new connection is >> established. In additional to the ModSecurity v2.x phases, ModSecurity v3 >> can also process rules for this additional URI phase. That is after you got >> the connection details and before you get the client headers. >> >> >> You can find more details about how to implement a connector in the >> Transaction code: >> >> - https://github.com/SpiderLabs/ModSecurity/blob/v3/master/ >> src/transaction.cc >> >> You may also want to generate the doxygen docs: >> $ cd doc ; doxygen doxygen.cfg >> >> >> >> Notice that there is no phase on SecRules to hit the uri processing. At >> least not yet. We are aiming to support in upcoming versions. >> >> >> >> Br., >> >> *Felipe **“**Zimmerle” Costa * >> >> Security Researcher, Lead Developer ModSecurity. >> >> >> >> *Trustwave* | SMART SECURITY ON DEMAND >> >> www.trustwave.com >> >> >> ------------------------------ >> *From:* Jai Harpalani <jai...@mu...> >> *Sent:* Wednesday, December 20, 2017 3:52:27 PM >> *To:* mod...@li... >> *Subject:* [Mod-security-developers] API Usage and Descriptions? >> >> >> I have an application which already retrieves requests and responses from >> "the wire". I'm trying to add modSecurity to check the requests/responses >> for WAF errors using: >> >> msc_process_request_headers(); >> msc_process_request_body(); >> msc_process_response_headers(); >> msc_process_response_body(); >> >> I don't want WAF to necessarily take any action, just inform the caller >> if any problems were found. If this is possible, how is it done? >> >> Also, not sure what the purpose of the below APIs is for my specific >> application. >> >> msc_new_transaction(); >> msc_process_connection(t); >> msc_process_uri(); >> >> I was not able to locate a description of the above APIs. If detailed >> descriptions exist, please let me know where they are located. >> >> Thanks. >> >> ------------------------------------------------------------ >> ------------------ >> Check out the vibrant tech community on one of the world's most >> engaging tech sites, Slashdot.org! http://sdm.link/slashdot >> _______________________________________________ >> mod-security-developers mailing list >> mod...@li... >> https://lists.sourceforge.net/lists/listinfo/mod-security-developers >> ModSecurity Services from Trustwave's SpiderLabs: >> https://www.trustwave.com/spiderLabs.php >> > > |
|
From: Christian F. <chr...@ne...> - 2018-01-02 18:08:56
|
On Tue, Jan 02, 2018 at 11:50:00AM -0600, Jai Harpalani wrote: > Does mod security use historical information when it applies rules? > For example, does mod security know and use information about prior > http requests when applying rules to the current one? ModSecurity is only the engine. What you are asking is part of the rule set. There is depends on the rules you are employing. Generally no, but they can be written in a way to use that information. The Core Rule Set - the rule set with the biggest user base - generally does not do this. Best, Christian > > On Thu, Dec 28, 2017 at 1:21 PM, Jai Harpalani > <[1]jai...@mu...> wrote: > > Felipe, > Thanks for the information. I will most likely have more questions as > I continue working on this. > Thanks, > Jai > > On Fri, Dec 22, 2017 at 8:24 AM, Felipe Costa <[2]FC...@tr...> > wrote: > > Hi Jai, > > The idea is to have a transaction for each HTTP request. So, > msc_new_transaction() should be called every time that a new connection > is established. In additional to the ModSecurity v2.x phases, > ModSecurity v3 can also process rules for this additional URI phase. > That is after you got the connection details and before you get the > client headers. > > You can find more details about how to implement a connector in the > Transaction code: > > - [3]https://github.com/SpiderLabs/ModSecurity/blob/v3/master/ > src/transaction.cc > You may also want to generate the doxygen docs: > $ cd doc ; doxygen doxygen.cfg > > Notice that there is no phase on SecRules to hit the uri processing. At > least not yet. We are aiming to support in upcoming versions. > > Br., > > Felipe “Zimmerle” Costa > > Security Researcher, Lead Developer ModSecurity. > > > Trustwave | SMART SECURITY ON DEMAND > > [4]www.trustwave.com > __________________________________________________________________ > > From: Jai Harpalani <[5]jai...@mu...> > Sent: Wednesday, December 20, 2017 3:52:27 PM > To: [6]mod...@li... > Subject: [Mod-security-developers] API Usage and Descriptions? > > I have an application which already retrieves requests and responses > from "the wire". I'm trying to add modSecurity to check the > requests/responses for WAF errors using: > msc_process_request_headers(); > msc_process_request_body(); > msc_process_response_headers(); > msc_process_response_body(); > I don't want WAF to necessarily take any action, just inform the caller > if any problems were found. If this is possible, how is it done? > Also, not sure what the purpose of the below APIs is for my specific > application. > msc_new_transaction(); > msc_process_connection(t); > msc_process_uri(); > I was not able to locate a description of the above APIs. If detailed > descriptions exist, please let me know where they are located. > Thanks. > > ------------------------------------------------------------ > ------------------ > Check out the vibrant tech community on one of the world's most > engaging tech sites, Slashdot.org! [7]http://sdm.link/slashdot > _______________________________________________ > mod-security-developers mailing list > [8]mod...@li... > [9]https://lists.sourceforge.net/lists/listinfo/mod-security-de > velopers > ModSecurity Services from Trustwave's SpiderLabs: > [10]https://www.trustwave.com/spiderLabs.php > > References > > 1. mailto:jai...@mu... > 2. mailto:FC...@tr... > 3. https://github.com/SpiderLabs/ModSecurity/blob/v3/master/src/transaction.cc > 4. http://www.trustwave.com/ > 5. mailto:jai...@mu... > 6. mailto:mod...@li... > 7. http://sdm.link/slashdot > 8. mailto:mod...@li... > 9. https://lists.sourceforge.net/lists/listinfo/mod-security-developers > 10. https://www.trustwave.com/spiderLabs.php > ------------------------------------------------------------------------------ > Check out the vibrant tech community on one of the world's most > engaging tech sites, Slashdot.org! http://sdm.link/slashdot > _______________________________________________ > mod-security-developers mailing list > mod...@li... > https://lists.sourceforge.net/lists/listinfo/mod-security-developers > ModSecurity Services from Trustwave's SpiderLabs: > https://www.trustwave.com/spiderLabs.php -- https://www.feistyduck.com/training/modsecurity-training-course https://www.feistyduck.com/books/modsecurity-handbook/ mailto:chr...@ne... twitter: @ChrFolini |
|
From: Jai H. <jai...@mu...> - 2018-01-02 18:52:32
|
Are the two rules below examples of how historical information can be incorporated into rules? In general, are variables modified and then re-examined by rules to take advantage of historical information? Are there other ways in which historical information can be used within rules? # Increment session score on attack SecRule REQUEST_URI "^/cgi-bin/finger$" "phase:2,id:71,t:none,t:lowercase,t:normalizePath,pass,setvar:SESSION.score=+10" # Detect too many attacks in a session SecRule SESSION:score "@gt 50" "phase:2,id:72,pass,setvar:SESSION.blocked=1" On Tue, Jan 2, 2018 at 12:08 PM, Christian Folini < chr...@ne...> wrote: > On Tue, Jan 02, 2018 at 11:50:00AM -0600, Jai Harpalani wrote: > > Does mod security use historical information when it applies rules? > > For example, does mod security know and use information about prior > > http requests when applying rules to the current one? > > ModSecurity is only the engine. What you are asking is part of the rule > set. There is depends on the rules you are employing. > > Generally no, but they can be written in a way to use that information. > > The Core Rule Set - the rule set with the biggest user base - generally > does not do this. > > Best, > > Christian > > > > > On Thu, Dec 28, 2017 at 1:21 PM, Jai Harpalani > > <[1]jai...@mu...> wrote: > > > > Felipe, > > Thanks for the information. I will most likely have more questions as > > I continue working on this. > > Thanks, > > Jai > > > > On Fri, Dec 22, 2017 at 8:24 AM, Felipe Costa <[2] > FC...@tr...> > > wrote: > > > > Hi Jai, > > > > The idea is to have a transaction for each HTTP request. So, > > msc_new_transaction() should be called every time that a new > connection > > is established. In additional to the ModSecurity v2.x phases, > > ModSecurity v3 can also process rules for this additional URI phase. > > That is after you got the connection details and before you get the > > client headers. > > > > You can find more details about how to implement a connector in the > > Transaction code: > > > > - [3]https://github.com/SpiderLabs/ModSecurity/blob/v3/master/ > > src/transaction.cc > > You may also want to generate the doxygen docs: > > $ cd doc ; doxygen doxygen.cfg > > > > Notice that there is no phase on SecRules to hit the uri processing. > At > > least not yet. We are aiming to support in upcoming versions. > > > > Br., > > > > Felipe “Zimmerle” Costa > > > > Security Researcher, Lead Developer ModSecurity. > > > > > > Trustwave | SMART SECURITY ON DEMAND > > > > [4]www.trustwave.com > > __________________________________________________________________ > > > > From: Jai Harpalani <[5]jai...@mu...> > > Sent: Wednesday, December 20, 2017 3:52:27 PM > > To: [6]mod...@li... > > Subject: [Mod-security-developers] API Usage and Descriptions? > > > > I have an application which already retrieves requests and responses > > from "the wire". I'm trying to add modSecurity to check the > > requests/responses for WAF errors using: > > msc_process_request_headers(); > > msc_process_request_body(); > > msc_process_response_headers(); > > msc_process_response_body(); > > I don't want WAF to necessarily take any action, just inform the > caller > > if any problems were found. If this is possible, how is it done? > > Also, not sure what the purpose of the below APIs is for my specific > > application. > > msc_new_transaction(); > > msc_process_connection(t); > > msc_process_uri(); > > I was not able to locate a description of the above APIs. If detailed > > descriptions exist, please let me know where they are located. > > Thanks. > > > > ------------------------------------------------------------ > > ------------------ > > Check out the vibrant tech community on one of the world's most > > engaging tech sites, Slashdot.org! [7]http://sdm.link/slashdot > > _______________________________________________ > > mod-security-developers mailing list > > [8]mod...@li... > > [9]https://lists.sourceforge.net/lists/listinfo/mod-security-de > > velopers > > ModSecurity Services from Trustwave's SpiderLabs: > > [10]https://www.trustwave.com/spiderLabs.php > > > > References > > > > 1. mailto:jai...@mu... > > 2. mailto:FC...@tr... > > 3. https://github.com/SpiderLabs/ModSecurity/blob/v3/master/ > src/transaction.cc > > 4. http://www.trustwave.com/ > > 5. mailto:jai...@mu... > > 6. mailto:mod...@li... > > 7. http://sdm.link/slashdot > > 8. mailto:mod...@li... > > 9. https://lists.sourceforge.net/lists/listinfo/mod-security- > developers > > 10. https://www.trustwave.com/spiderLabs.php > > > ------------------------------------------------------------ > ------------------ > > Check out the vibrant tech community on one of the world's most > > engaging tech sites, Slashdot.org! http://sdm.link/slashdot > > > _______________________________________________ > > mod-security-developers mailing list > > mod...@li... > > https://lists.sourceforge.net/lists/listinfo/mod-security-developers > > ModSecurity Services from Trustwave's SpiderLabs: > > https://www.trustwave.com/spiderLabs.php > > > -- > https://www.feistyduck.com/training/modsecurity-training-course > https://www.feistyduck.com/books/modsecurity-handbook/ > mailto:chr...@ne... > twitter: @ChrFolini > > ------------------------------------------------------------ > ------------------ > Check out the vibrant tech community on one of the world's most > engaging tech sites, Slashdot.org! http://sdm.link/slashdot > _______________________________________________ > mod-security-developers mailing list > mod...@li... > https://lists.sourceforge.net/lists/listinfo/mod-security-developers > ModSecurity Services from Trustwave's SpiderLabs: > https://www.trustwave.com/spiderLabs.php > |
|
From: Christian F. <chr...@ne...> - 2018-01-02 19:22:44
|
Hey Jai, On Tue, Jan 02, 2018 at 12:52:24PM -0600, Jai Harpalani wrote: > Are the two rules below examples of how historical information can be > incorporated into rules? In general, are variables modified and then > re-examined by rules to take advantage of historical information? Are > there other ways in which historical information can be used within > rules? Yes, that's a standard way to accomplish this. The problem is getting it right for production use. The devil is in the details and there will be a lot of side-effects and edge cases. There are also performance considerations to take care of. Other ways: Lua and a real database springs to mind. If you want to continue this thread, it's probably time to move it over to the user's mailing list. Best, Christian > # Increment session score on attack > SecRule REQUEST_URI "^/cgi-bin/finger$" "phase:2,id:71,t:none,t:lowercase,t:norm > alizePath,pass,setvar:SESSION.score=+10" > > # Detect too many attacks in a session > SecRule SESSION:score "@gt 50" "phase:2,id:72,pass,setvar:SESSION.blocked=1" > > On Tue, Jan 2, 2018 at 12:08 PM, Christian Folini > <[1]chr...@ne...> wrote: > > On Tue, Jan 02, 2018 at 11:50:00AM -0600, Jai Harpalani wrote: > > Does mod security use historical information when it applies > rules? > > For example, does mod security know and use information about > prior > > http requests when applying rules to the current one? > ModSecurity is only the engine. What you are asking is part of the > rule > set. There is depends on the rules you are employing. > Generally no, but they can be written in a way to use that > information. > The Core Rule Set - the rule set with the biggest user base - > generally > does not do this. > Best, > Christian > > > > On Thu, Dec 28, 2017 at 1:21 PM, Jai Harpalani > > <[1][2]jai...@mu...> wrote: > > > > Felipe, > > Thanks for the information. I will most likely have more > questions as > > I continue working on this. > > Thanks, > > Jai > > > > On Fri, Dec 22, 2017 at 8:24 AM, Felipe Costa > <[2][3]FC...@tr...> > > wrote: > > > > Hi Jai, > > > > The idea is to have a transaction for each HTTP request. So, > > msc_new_transaction() should be called every time that a new > connection > > is established. In additional to the ModSecurity v2.x phases, > > ModSecurity v3 can also process rules for this additional URI > phase. > > That is after you got the connection details and before you get > the > > client headers. > > > > You can find more details about how to implement a connector in > the > > Transaction code: > > > > - [3][4]https://github.com/SpiderLabs/ModSecurity/blob/ > v3/master/ > > src/transaction.cc > > You may also want to generate the doxygen docs: > > $ cd doc ; doxygen doxygen.cfg > > > > Notice that there is no phase on SecRules to hit the uri > processing. At > > least not yet. We are aiming to support in upcoming versions. > > > > Br., > > > > Felipe “Zimmerle” Costa > > > > Security Researcher, Lead Developer ModSecurity. > > > > > > Trustwave | SMART SECURITY ON DEMAND > > > > [4][5]www.trustwave.com > > ____________________________________________________________ > ______ > > > > From: Jai Harpalani <[5][6]jai...@mu...> > > Sent: Wednesday, December 20, 2017 3:52:27 PM > > To: [6][7]mod...@li... > > Subject: [Mod-security-developers] API Usage and Descriptions? > > > > I have an application which already retrieves requests and > responses > > from "the wire". I'm trying to add modSecurity to check the > > requests/responses for WAF errors using: > > msc_process_request_headers(); > > msc_process_request_body(); > > msc_process_response_headers(); > > msc_process_response_body(); > > I don't want WAF to necessarily take any action, just inform > the caller > > if any problems were found. If this is possible, how is it > done? > > Also, not sure what the purpose of the below APIs is for my > specific > > application. > > msc_new_transaction(); > > msc_process_connection(t); > > msc_process_uri(); > > I was not able to locate a description of the above APIs. If > detailed > > descriptions exist, please let me know where they are located. > > Thanks. > > > > ------------------------------------------------------------ > > ------------------ > > Check out the vibrant tech community on one of the world's > most > > engaging tech sites, Slashdot.org! > [7][8]http://sdm.link/slashdot > > _______________________________________________ > > mod-security-developers mailing list > > [8][9]mod...@li... > > [9][10]https://lists.sourceforge.net/lists/listinfo/mod- > security-de > > velopers > > ModSecurity Services from Trustwave's SpiderLabs: > > [10][11]https://www.trustwave.com/spiderLabs.php > > > > References > > > > 1. mailto:[12]jai...@mu... > > 2. mailto:[13]FC...@tr... > > 3. [14]https://github.com/SpiderLabs/ > ModSecurity/blob/v3/master/src/transaction.cc > > 4. [15]http://www.trustwave.com/ > > 5. mailto:[16]jai...@mu... > > 6. mailto:[17]mod...@li... > > 7. [18]http://sdm.link/slashdot > > 8. mailto:[19]mod...@li... > > 9. [20]https://lists.sourceforge.net/ > lists/listinfo/mod-security-developers > > 10. [21]https://www.trustwave.com/spiderLabs.php > > ------------------------------------------------------------ > ------------------ > > Check out the vibrant tech community on one of the world's most > > engaging tech sites, Slashdot.org! [22]http://sdm.link/slashdot > > _______________________________________________ > > mod-security-developers mailing list > > [23]mod...@li... > > [24]https://lists.sourceforge.net/lists/listinfo/mod-security- > developers > > ModSecurity Services from Trustwave's SpiderLabs: > > [25]https://www.trustwave.com/spiderLabs.php > -- > [26]https://www.feistyduck.com/training/modsecurity-training-course > [27]https://www.feistyduck.com/books/modsecurity-handbook/ > mailto:[28]chr...@ne... > twitter: @ChrFolini > > ------------------------------------------------------------ > ------------------ > Check out the vibrant tech community on one of the world's most > engaging tech sites, Slashdot.org! [29]http://sdm.link/slashdot > _______________________________________________ > mod-security-developers mailing list > [30]mod...@li... > [31]https://lists.sourceforge.net/lists/listinfo/mod-security- > developers > ModSecurity Services from Trustwave's SpiderLabs: > [32]https://www.trustwave.com/spiderLabs.php > > References > > 1. mailto:chr...@ne... > 2. mailto:jai...@mu... > 3. mailto:FC...@tr... > 4. https://github.com/SpiderLabs/ModSecurity/blob/v3/master/ > 5. http://www.trustwave.com/ > 6. mailto:jai...@mu... > 7. mailto:mod...@li... > 8. http://sdm.link/slashdot > 9. mailto:mod...@li... > 10. https://lists.sourceforge.net/lists/listinfo/mod-security-de > 11. https://www.trustwave.com/spiderLabs.php > 12. mailto:jai...@mu... > 13. mailto:FC...@tr... > 14. https://github.com/SpiderLabs/ModSecurity/blob/v3/master/src/transaction.cc > 15. http://www.trustwave.com/ > 16. mailto:jai...@mu... > 17. mailto:mod...@li... > 18. http://sdm.link/slashdot > 19. mailto:mod...@li... > 20. https://lists.sourceforge.net/lists/listinfo/mod-security-developers > 21. https://www.trustwave.com/spiderLabs.php > 22. http://sdm.link/slashdot > 23. mailto:mod...@li... > 24. https://lists.sourceforge.net/lists/listinfo/mod-security-developers > 25. https://www.trustwave.com/spiderLabs.php > 26. https://www.feistyduck.com/training/modsecurity-training-course > 27. https://www.feistyduck.com/books/modsecurity-handbook/ > 28. mailto:chr...@ne... > 29. http://sdm.link/slashdot > 30. mailto:mod...@li... > 31. https://lists.sourceforge.net/lists/listinfo/mod-security-developers > 32. https://www.trustwave.com/spiderLabs.php > ------------------------------------------------------------------------------ > Check out the vibrant tech community on one of the world's most > engaging tech sites, Slashdot.org! http://sdm.link/slashdot > _______________________________________________ > mod-security-developers mailing list > mod...@li... > https://lists.sourceforge.net/lists/listinfo/mod-security-developers > ModSecurity Services from Trustwave's SpiderLabs: > https://www.trustwave.com/spiderLabs.php -- https://www.feistyduck.com/training/modsecurity-training-course https://www.feistyduck.com/books/modsecurity-handbook/ mailto:chr...@ne... twitter: @ChrFolini |
|
From: Jai H. <jai...@mu...> - 2018-01-03 01:07:32
|
Christian, I have another unrelated question regarding: SecRule REQUEST_HEADERS:User-Agent "@pmFromFile scanners-user-agents.data" \ ... Can I ask you via email or should it go to the user's mailing list? |
|
From: Christian F. <chr...@ne...> - 2018-01-03 05:02:10
|
Jai, Let's use the mailinglist. It's maybe interesting for other people too. Ahoj, Christian On Tue, Jan 02, 2018 at 07:07:24PM -0600, Jai Harpalani wrote: > Christian, > I have another unrelated question regarding: > SecRule REQUEST_HEADERS:User-Agent "@pmFromFile > scanners-user-agents.data" \ > ... > Can I ask you via email or should it go to the user's mailing list? > ------------------------------------------------------------------------------ > Check out the vibrant tech community on one of the world's most > engaging tech sites, Slashdot.org! http://sdm.link/slashdot > _______________________________________________ > mod-security-developers mailing list > mod...@li... > https://lists.sourceforge.net/lists/listinfo/mod-security-developers > ModSecurity Services from Trustwave's SpiderLabs: > https://www.trustwave.com/spiderLabs.php -- https://www.feistyduck.com/training/modsecurity-training-course https://www.feistyduck.com/books/modsecurity-handbook/ mailto:chr...@ne... twitter: @ChrFolini |
|
From: Jai H. <jai...@mu...> - 2018-01-03 05:06:13
|
How do I submit the question to the mailing list? On Tue, Jan 2, 2018 at 11:02 PM, Christian Folini < chr...@ne...> wrote: > Jai, > > Let's use the mailinglist. It's maybe interesting for other people too. > > Ahoj, > > Christian > > On Tue, Jan 02, 2018 at 07:07:24PM -0600, Jai Harpalani wrote: > > Christian, > > I have another unrelated question regarding: > > SecRule REQUEST_HEADERS:User-Agent "@pmFromFile > > scanners-user-agents.data" \ > > ... > > Can I ask you via email or should it go to the user's mailing list? > > > ------------------------------------------------------------ > ------------------ > > Check out the vibrant tech community on one of the world's most > > engaging tech sites, Slashdot.org! http://sdm.link/slashdot > > > _______________________________________________ > > mod-security-developers mailing list > > mod...@li... > > https://lists.sourceforge.net/lists/listinfo/mod-security-developers > > ModSecurity Services from Trustwave's SpiderLabs: > > https://www.trustwave.com/spiderLabs.php > > > -- > https://www.feistyduck.com/training/modsecurity-training-course > https://www.feistyduck.com/books/modsecurity-handbook/ > mailto:chr...@ne... > twitter: @ChrFolini > > ------------------------------------------------------------ > ------------------ > Check out the vibrant tech community on one of the world's most > engaging tech sites, Slashdot.org! http://sdm.link/slashdot > _______________________________________________ > mod-security-developers mailing list > mod...@li... > https://lists.sourceforge.net/lists/listinfo/mod-security-developers > ModSecurity Services from Trustwave's SpiderLabs: > https://www.trustwave.com/spiderLabs.php > |
|
From: Christian F. <chr...@ne...> - 2018-01-03 05:30:15
|
Jai, You'll find subscription info at http://modsecurity.org/help.html Otherwise, just ask over there. Ahoj, Christian On Tue, Jan 02, 2018 at 11:06:05PM -0600, Jai Harpalani wrote: > How do I submit the question to the mailing list? > > On Tue, Jan 2, 2018 at 11:02 PM, Christian Folini > <[1]chr...@ne...> wrote: > > Jai, > Let's use the mailinglist. It's maybe interesting for other people > too. > Ahoj, > Christian > > On Tue, Jan 02, 2018 at 07:07:24PM -0600, Jai Harpalani wrote: > > Christian, > > I have another unrelated question regarding: > > SecRule REQUEST_HEADERS:User-Agent "@pmFromFile > > scanners-user-agents.data" \ > > ... > > Can I ask you via email or should it go to the user's mailing > list? > > > ------------------------------------------------------------ > ------------------ > > Check out the vibrant tech community on one of the world's most > > engaging tech sites, Slashdot.org! [2]http://sdm.link/slashdot > > _______________________________________________ > > mod-security-developers mailing list > > [3]mod...@li... > > [4]https://lists.sourceforge.net/lists/listinfo/mod-security- > developers > > ModSecurity Services from Trustwave's SpiderLabs: > > [5]https://www.trustwave.com/spiderLabs.php > -- > [6]https://www.feistyduck.com/training/modsecurity-training-course > [7]https://www.feistyduck.com/books/modsecurity-handbook/ > mailto:[8]chr...@ne... > twitter: @ChrFolini > ------------------------------------------------------------ > ------------------ > Check out the vibrant tech community on one of the world's most > engaging tech sites, Slashdot.org! [9]http://sdm.link/slashdot > _______________________________________________ > mod-security-developers mailing list > [10]mod...@li... > [11]https://lists.sourceforge.net/lists/listinfo/mod-security- > developers > ModSecurity Services from Trustwave's SpiderLabs: > [12]https://www.trustwave.com/spiderLabs.php > > References > > 1. mailto:chr...@ne... > 2. http://sdm.link/slashdot > 3. mailto:mod...@li... > 4. https://lists.sourceforge.net/lists/listinfo/mod-security-developers > 5. https://www.trustwave.com/spiderLabs.php > 6. https://www.feistyduck.com/training/modsecurity-training-course > 7. https://www.feistyduck.com/books/modsecurity-handbook/ > 8. mailto:chr...@ne... > 9. http://sdm.link/slashdot > 10. mailto:mod...@li... > 11. https://lists.sourceforge.net/lists/listinfo/mod-security-developers > 12. https://www.trustwave.com/spiderLabs.php > ------------------------------------------------------------------------------ > Check out the vibrant tech community on one of the world's most > engaging tech sites, Slashdot.org! http://sdm.link/slashdot > _______________________________________________ > mod-security-developers mailing list > mod...@li... > https://lists.sourceforge.net/lists/listinfo/mod-security-developers > ModSecurity Services from Trustwave's SpiderLabs: > https://www.trustwave.com/spiderLabs.php -- https://www.feistyduck.com/training/modsecurity-training-course https://www.feistyduck.com/books/modsecurity-handbook/ mailto:chr...@ne... twitter: @ChrFolini |
|
From: Felipe C. <FC...@tr...> - 2018-01-03 12:17:18
|
As of version 3, collections [SESSION and others] can be saved using our own backend. It means that you can use memcache, redis or any other `thing’ capable to store key-pair values. So the data will be persistent in the backend server; Up to the backend server to limit the time and amount of data. Br., Felipe “Zimmerle” Costa Security Researcher, Lead Developer ModSecurity. Trustwave | SMART SECURITY ON DEMAND www.trustwave.com<http://www.trustwave.com/> From: Jai Harpalani <jai...@mu...> Reply-To: "mod...@li..." <mod...@li...> Date: Tuesday, January 2, 2018 at 3:52 PM To: "mod...@li..." <mod...@li...> Subject: Re: [Mod-security-developers] API Usage and Descriptions? Are the two rules below examples of how historical information can be incorporated into rules? In general, are variables modified and then re-examined by rules to take advantage of historical information? Are there other ways in which historical information can be used within rules? # Increment session score on attack SecRule REQUEST_URI "^/cgi-bin/finger$" "phase:2,id:71,t:none,t:lowercase,t:normalizePath,pass,setvar:SESSION.score=+10" # Detect too many attacks in a session SecRule SESSION:score "@gt 50" "phase:2,id:72,pass,setvar:SESSION.blocked=1" On Tue, Jan 2, 2018 at 12:08 PM, Christian Folini <chr...@ne...<mailto:chr...@ne...>> wrote: On Tue, Jan 02, 2018 at 11:50:00AM -0600, Jai Harpalani wrote: > Does mod security use historical information when it applies rules? > For example, does mod security know and use information about prior > http requests when applying rules to the current one? ModSecurity is only the engine. What you are asking is part of the rule set. There is depends on the rules you are employing. Generally no, but they can be written in a way to use that information. The Core Rule Set - the rule set with the biggest user base - generally does not do this. Best, Christian > > On Thu, Dec 28, 2017 at 1:21 PM, Jai Harpalani > <[1]jai...@mu...<mailto:jai...@mu...>> wrote: > > Felipe, > Thanks for the information. I will most likely have more questions as > I continue working on this. > Thanks, > Jai > > On Fri, Dec 22, 2017 at 8:24 AM, Felipe Costa <[2]FC...@tr...<mailto:FC...@tr...>> > wrote: > > Hi Jai, > > The idea is to have a transaction for each HTTP request. So, > msc_new_transaction() should be called every time that a new connection > is established. In additional to the ModSecurity v2.x phases, > ModSecurity v3 can also process rules for this additional URI phase. > That is after you got the connection details and before you get the > client headers. > > You can find more details about how to implement a connector in the > Transaction code: > > - [3]https://github.com/SpiderLabs/ModSecurity/blob/v3/master/<https://scanmail.trustwave.com/?c=4062&d=_dTL2pbwruNIrz4_zH9y5TG6LjuiTdmABihQEuWt1Q&s=5&u=https%3a%2f%2fgithub%2ecom%2fSpiderLabs%2fModSecurity%2fblob%2fv3%2fmaster%2f> > src/transaction.cc > You may also want to generate the doxygen docs: > $ cd doc ; doxygen doxygen.cfg > > Notice that there is no phase on SecRules to hit the uri processing. At > least not yet. We are aiming to support in upcoming versions. > > Br., > > Felipe “Zimmerle” Costa > > Security Researcher, Lead Developer ModSecurity. > > > Trustwave | SMART SECURITY ON DEMAND > > [4]www.trustwave.com<http://www.trustwave.com> > __________________________________________________________________ > > From: Jai Harpalani <[5]jai...@mu...<mailto:jai...@mu...>> > Sent: Wednesday, December 20, 2017 3:52:27 PM > To: [6]mod...@li...<mailto:mod...@li...> > Subject: [Mod-security-developers] API Usage and Descriptions? > > I have an application which already retrieves requests and responses > from "the wire". I'm trying to add modSecurity to check the > requests/responses for WAF errors using: > msc_process_request_headers(); > msc_process_request_body(); > msc_process_response_headers(); > msc_process_response_body(); > I don't want WAF to necessarily take any action, just inform the caller > if any problems were found. If this is possible, how is it done? > Also, not sure what the purpose of the below APIs is for my specific > application. > msc_new_transaction(); > msc_process_connection(t); > msc_process_uri(); > I was not able to locate a description of the above APIs. If detailed > descriptions exist, please let me know where they are located. > Thanks. > > ------------------------------------------------------------ > ------------------ > Check out the vibrant tech community on one of the world's most > engaging tech sites, Slashdot.org!<http://scanmail.trustwave.com/?c=4062&d=_dTL2pbwruNIrz4_zH9y5TG6LjuiTdmABiFSH7L9hQ&s=5&u=http%3a%2f%2fSlashdot%2eorg%21> [7]http://sdm.link/slashdot<http://scanmail.trustwave.com/?c=4062&d=_dTL2pbwruNIrz4_zH9y5TG6LjuiTdmABncBGbb7gQ&s=5&u=http%3a%2f%2fsdm%2elink%2fslashdot> > _______________________________________________ > mod-security-developers mailing list > [8]mod...@li...<mailto:mod...@li...> > [9]https://lists.sourceforge.net/lists/listinfo/mod-security-de<https://scanmail.trustwave.com/?c=4062&d=_dTL2pbwruNIrz4_zH9y5TG6LjuiTdmABiNQHeathA&s=5&u=https%3a%2f%2flists%2esourceforge%2enet%2flists%2flistinfo%2fmod-security-de> > velopers > ModSecurity Services from Trustwave's SpiderLabs: > [10]https://www.trustwave.com/spiderLabs.php > > References > > 1. mailto:jai...@mu...<mailto:jai...@mu...> > 2. mailto:FC...@tr...<mailto:FC...@tr...> > 3. https://github.com/SpiderLabs/ModSecurity/blob/v3/master/src/transaction.cc<https://scanmail.trustwave.com/?c=4062&d=_dTL2pbwruNIrz4_zH9y5TG6LjuiTdmABiNVSbWujw&s=5&u=https%3a%2f%2fgithub%2ecom%2fSpiderLabs%2fModSecurity%2fblob%2fv3%2fmaster%2fsrc%2ftransaction%2ecc> > 4. http://www.trustwave.com/ > 5. mailto:jai...@mu...<mailto:jai...@mu...> > 6. mailto:mod...@li...<mailto:mod...@li...> > 7. http://sdm.link/slashdot<http://scanmail.trustwave.com/?c=4062&d=_dTL2pbwruNIrz4_zH9y5TG6LjuiTdmABncBGbb7gQ&s=5&u=http%3a%2f%2fsdm%2elink%2fslashdot> > 8. mailto:mod...@li...<mailto:mod...@li...> > 9. https://lists.sourceforge.net/lists/listinfo/mod-security-developers<https://scanmail.trustwave.com/?c=4062&d=_dTL2pbwruNIrz4_zH9y5TG6LjuiTdmABiBWE7Cu0g&s=5&u=https%3a%2f%2flists%2esourceforge%2enet%2flists%2flistinfo%2fmod-security-developers> > 10. https://www.trustwave.com/spiderLabs.php > ------------------------------------------------------------------------------ > Check out the vibrant tech community on one of the world's most > engaging tech sites, Slashdot.org!<http://scanmail.trustwave.com/?c=4062&d=_dTL2pbwruNIrz4_zH9y5TG6LjuiTdmABiFSH7L9hQ&s=5&u=http%3a%2f%2fSlashdot%2eorg%21> http://sdm.link/slashdot<http://scanmail.trustwave.com/?c=4062&d=_dTL2pbwruNIrz4_zH9y5TG6LjuiTdmABncBGbb7gQ&s=5&u=http%3a%2f%2fsdm%2elink%2fslashdot> > _______________________________________________ > mod-security-developers mailing list > mod...@li...<mailto:mod...@li...> > https://lists.sourceforge.net/lists/listinfo/mod-security-developers<https://scanmail.trustwave.com/?c=4062&d=_dTL2pbwruNIrz4_zH9y5TG6LjuiTdmABiBWE7Cu0g&s=5&u=https%3a%2f%2flists%2esourceforge%2enet%2flists%2flistinfo%2fmod-security-developers> > ModSecurity Services from Trustwave's SpiderLabs: > https://www.trustwave.com/spiderLabs.php -- https://www.feistyduck.com/training/modsecurity-training-course<https://scanmail.trustwave.com/?c=4062&d=_dTL2pbwruNIrz4_zH9y5TG6LjuiTdmABiRSHLb6gw&s=5&u=https%3a%2f%2fwww%2efeistyduck%2ecom%2ftraining%2fmodsecurity-training-course> https://www.feistyduck.com/books/modsecurity-handbook/<https://scanmail.trustwave.com/?c=4062&d=_dTL2pbwruNIrz4_zH9y5TG6LjuiTdmABiNRG7z8jw&s=5&u=https%3a%2f%2fwww%2efeistyduck%2ecom%2fbooks%2fmodsecurity-handbook%2f> mailto:chr...@ne...<mailto:chr...@ne...> twitter: @ChrFolini ------------------------------------------------------------------------------ Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org!<http://scanmail.trustwave.com/?c=4062&d=_dTL2pbwruNIrz4_zH9y5TG6LjuiTdmABiFSH7L9hQ&s=5&u=http%3a%2f%2fSlashdot%2eorg%21> http://sdm.link/slashdot<http://scanmail.trustwave.com/?c=4062&d=_dTL2pbwruNIrz4_zH9y5TG6LjuiTdmABncBGbb7gQ&s=5&u=http%3a%2f%2fsdm%2elink%2fslashdot> _______________________________________________ mod-security-developers mailing list mod...@li...<mailto:mod...@li...> https://lists.sourceforge.net/lists/listinfo/mod-security-developers<https://scanmail.trustwave.com/?c=4062&d=_dTL2pbwruNIrz4_zH9y5TG6LjuiTdmABiBWE7Cu0g&s=5&u=https%3a%2f%2flists%2esourceforge%2enet%2flists%2flistinfo%2fmod-security-developers> ModSecurity Services from Trustwave's SpiderLabs: https://www.trustwave.com/spiderLabs.php |
|
From: Christian F. <chr...@ne...> - 2018-01-03 13:42:12
|
On Wed, Jan 03, 2018 at 12:17:07PM +0000, Felipe Costa wrote: > As of version 3, collections [SESSION and others] can be saved using > our own backend. It means that you can use memcache, redis or any other > `thing’ capable to store key-pair values. So the data will be > persistent in the backend server; Up to the backend server to limit the > time and amount of data. This is one of the biggest improvements of ModSec3 over ModSec2. Really looking forward to use this in production! Christian > > > Br., > > Felipe “Zimmerle” Costa > > Security Researcher, Lead Developer ModSecurity. > > > Trustwave | SMART SECURITY ON DEMAND > > [1]www.trustwave.com > > > > From: Jai Harpalani <jai...@mu...> > Reply-To: "mod...@li..." > <mod...@li...> > Date: Tuesday, January 2, 2018 at 3:52 PM > To: "mod...@li..." > <mod...@li...> > Subject: Re: [Mod-security-developers] API Usage and Descriptions? > > > Are the two rules below examples of how historical information can be > incorporated into rules? In general, are variables modified and then > re-examined by rules to take advantage of historical information? Are > there other ways in which historical information can be used within > rules? > > > # Increment session score on attack > SecRule REQUEST_URI "^/cgi-bin/finger$" "phase:2,id:71,t:none,t:lowercase,t:norm > alizePath,pass,setvar:SESSION.score=+10" > > # Detect too many attacks in a session > SecRule SESSION:score "@gt 50" "phase:2,id:72,pass,setvar:SESSION.blocked=1" > > > On Tue, Jan 2, 2018 at 12:08 PM, Christian Folini > <[2]chr...@ne...> wrote: > > On Tue, Jan 02, 2018 at 11:50:00AM -0600, Jai Harpalani wrote: > > Does mod security use historical information when it applies > rules? > > For example, does mod security know and use information about > prior > > http requests when applying rules to the current one? > ModSecurity is only the engine. What you are asking is part of the > rule > set. There is depends on the rules you are employing. > Generally no, but they can be written in a way to use that > information. > The Core Rule Set - the rule set with the biggest user base - > generally > does not do this. > Best, > Christian > > > > On Thu, Dec 28, 2017 at 1:21 PM, Jai Harpalani > > <[1][3]jai...@mu...> wrote: > > > > Felipe, > > Thanks for the information. I will most likely have more > questions as > > I continue working on this. > > Thanks, > > Jai > > > > On Fri, Dec 22, 2017 at 8:24 AM, Felipe Costa > <[2][4]FC...@tr...> > > wrote: > > > > Hi Jai, > > > > The idea is to have a transaction for each HTTP request. So, > > msc_new_transaction() should be called every time that a new > connection > > is established. In additional to the ModSecurity v2.x phases, > > ModSecurity v3 can also process rules for this additional URI > phase. > > That is after you got the connection details and before you get > the > > client headers. > > > > You can find more details about how to implement a connector in > the > > Transaction code: > > > > - > [3][5]https://github.com/SpiderLabs/ModSecurity/blob/v3/master/ > > src/transaction.cc > > You may also want to generate the doxygen docs: > > $ cd doc ; doxygen doxygen.cfg > > > > Notice that there is no phase on SecRules to hit the uri > processing. At > > least not yet. We are aiming to support in upcoming versions. > > > > Br., > > > > Felipe “Zimmerle” Costa > > > > Security Researcher, Lead Developer ModSecurity. > > > > > > Trustwave | SMART SECURITY ON DEMAND > > > > [4][6]www.trustwave.com > > > __________________________________________________________________ > > > > From: Jai Harpalani <[5][7]jai...@mu...> > > Sent: Wednesday, December 20, 2017 3:52:27 PM > > To: [6][8]mod...@li... > > Subject: [Mod-security-developers] API Usage and Descriptions? > > > > I have an application which already retrieves requests and > responses > > from "the wire". I'm trying to add modSecurity to check the > > requests/responses for WAF errors using: > > msc_process_request_headers(); > > msc_process_request_body(); > > msc_process_response_headers(); > > msc_process_response_body(); > > I don't want WAF to necessarily take any action, just inform > the caller > > if any problems were found. If this is possible, how is it > done? > > Also, not sure what the purpose of the below APIs is for my > specific > > application. > > msc_new_transaction(); > > msc_process_connection(t); > > msc_process_uri(); > > I was not able to locate a description of the above APIs. If > detailed > > descriptions exist, please let me know where they are located. > > Thanks. > > > > ------------------------------------------------------------ > > ------------------ > > Check out the vibrant tech community on one of the world's > most > > engaging tech sites, [9]Slashdot.org! > [7][10]http://sdm.link/slashdot > > _______________________________________________ > > mod-security-developers mailing list > > [8][11]mod...@li... > > > [9][12]https://lists.sourceforge.net/lists/listinfo/mod-security-de > > velopers > > ModSecurity Services from Trustwave's SpiderLabs: > > [10][13]https://www.trustwave.com/spiderLabs.php > > > > References > > > > 1. mailto:[14]jai...@mu... > > 2. mailto:[15]FC...@tr... > > 3. > [16]https://github.com/SpiderLabs/ModSecurity/blob/v3/master/src/tra > nsaction.cc > > 4. [17]http://www.trustwave.com/ > > 5. mailto:[18]jai...@mu... > > 6. mailto:[19]mod...@li... > > 7. [20]http://sdm.link/slashdot > > 8. mailto:[21]mod...@li... > > 9. > [22]https://lists.sourceforge.net/lists/listinfo/mod-security-develo > pers > > 10. [23]https://www.trustwave.com/spiderLabs.php > > > -------------------------------------------------------------------- > ---------- > > Check out the vibrant tech community on one of the world's most > > engaging tech sites, [24]Slashdot.org! > [25]http://sdm.link/slashdot > > _______________________________________________ > > mod-security-developers mailing list > > [26]mod...@li... > > > [27]https://lists.sourceforge.net/lists/listinfo/mod-security-develo > pers > > ModSecurity Services from Trustwave's SpiderLabs: > > [28]https://www.trustwave.com/spiderLabs.php > -- > [29]https://www.feistyduck.com/training/modsecurity-training-course > [30]https://www.feistyduck.com/books/modsecurity-handbook/ > mailto:[31]chr...@ne... > twitter: @ChrFolini > > ----------------------------------------------------------------------- > ------- > Check out the vibrant tech community on one of the world's most > engaging tech sites, [32]Slashdot.org! [33]http://sdm.link/slashdot > _______________________________________________ > mod-security-developers mailing list > [34]mod...@li... > [35]https://lists.sourceforge.net/lists/listinfo/mod-security-developer > s > ModSecurity Services from Trustwave's SpiderLabs: > [36]https://www.trustwave.com/spiderLabs.php > > References > > 1. http://www.trustwave.com/ > 2. mailto:chr...@ne... > 3. mailto:jai...@mu... > 4. mailto:FC...@tr... > 5. https://scanmail.trustwave.com/?c=4062&d=_dTL2pbwruNIrz4_zH9y5TG6LjuiTdmABihQEuWt1Q&s=5&u=https://github.com/SpiderLabs/ModSecurity/blob/v3/master/ > 6. http://www.trustwave.com/ > 7. mailto:jai...@mu... > 8. mailto:mod...@li... > 9. http://scanmail.trustwave.com/?c=4062&d=_dTL2pbwruNIrz4_zH9y5TG6LjuiTdmABiFSH7L9hQ&s=5&u=http://Slashdot.org! > 10. http://scanmail.trustwave.com/?c=4062&d=_dTL2pbwruNIrz4_zH9y5TG6LjuiTdmABncBGbb7gQ&s=5&u=http://sdm.link/slashdot > 11. mailto:mod...@li... > 12. https://scanmail.trustwave.com/?c=4062&d=_dTL2pbwruNIrz4_zH9y5TG6LjuiTdmABiNQHeathA&s=5&u=https://lists.sourceforge.net/lists/listinfo/mod-security-de > 13. https://www.trustwave.com/spiderLabs.php > 14. mailto:jai...@mu... > 15. mailto:FC...@tr... > 16. https://scanmail.trustwave.com/?c=4062&d=_dTL2pbwruNIrz4_zH9y5TG6LjuiTdmABiNVSbWujw&s=5&u=https://github.com/SpiderLabs/ModSecurity/blob/v3/master/src/transaction.cc > 17. http://www.trustwave.com/ > 18. mailto:jai...@mu... > 19. mailto:mod...@li... > 20. http://scanmail.trustwave.com/?c=4062&d=_dTL2pbwruNIrz4_zH9y5TG6LjuiTdmABncBGbb7gQ&s=5&u=http://sdm.link/slashdot > 21. mailto:mod...@li... > 22. https://scanmail.trustwave.com/?c=4062&d=_dTL2pbwruNIrz4_zH9y5TG6LjuiTdmABiBWE7Cu0g&s=5&u=https://lists.sourceforge.net/lists/listinfo/mod-security-developers > 23. https://www.trustwave.com/spiderLabs.php > 24. http://scanmail.trustwave.com/?c=4062&d=_dTL2pbwruNIrz4_zH9y5TG6LjuiTdmABiFSH7L9hQ&s=5&u=http://Slashdot.org! > 25. http://scanmail.trustwave.com/?c=4062&d=_dTL2pbwruNIrz4_zH9y5TG6LjuiTdmABncBGbb7gQ&s=5&u=http://sdm.link/slashdot > 26. mailto:mod...@li... > 27. https://scanmail.trustwave.com/?c=4062&d=_dTL2pbwruNIrz4_zH9y5TG6LjuiTdmABiBWE7Cu0g&s=5&u=https://lists.sourceforge.net/lists/listinfo/mod-security-developers > 28. https://www.trustwave.com/spiderLabs.php > 29. https://scanmail.trustwave.com/?c=4062&d=_dTL2pbwruNIrz4_zH9y5TG6LjuiTdmABiRSHLb6gw&s=5&u=https://www.feistyduck.com/training/modsecurity-training-course > 30. https://scanmail.trustwave.com/?c=4062&d=_dTL2pbwruNIrz4_zH9y5TG6LjuiTdmABiNRG7z8jw&s=5&u=https://www.feistyduck.com/books/modsecurity-handbook/ > 31. mailto:chr...@ne... > 32. http://scanmail.trustwave.com/?c=4062&d=_dTL2pbwruNIrz4_zH9y5TG6LjuiTdmABiFSH7L9hQ&s=5&u=http://Slashdot.org! > 33. http://scanmail.trustwave.com/?c=4062&d=_dTL2pbwruNIrz4_zH9y5TG6LjuiTdmABncBGbb7gQ&s=5&u=http://sdm.link/slashdot > 34. mailto:mod...@li... > 35. https://scanmail.trustwave.com/?c=4062&d=_dTL2pbwruNIrz4_zH9y5TG6LjuiTdmABiBWE7Cu0g&s=5&u=https://lists.sourceforge.net/lists/listinfo/mod-security-developers > 36. https://www.trustwave.com/spiderLabs.php > ------------------------------------------------------------------------------ > Check out the vibrant tech community on one of the world's most > engaging tech sites, Slashdot.org! http://sdm.link/slashdot > _______________________________________________ > mod-security-developers mailing list > mod...@li... > https://lists.sourceforge.net/lists/listinfo/mod-security-developers > ModSecurity Services from Trustwave's SpiderLabs: > https://www.trustwave.com/spiderLabs.php -- https://www.feistyduck.com/training/modsecurity-training-course https://www.feistyduck.com/books/modsecurity-handbook/ mailto:chr...@ne... twitter: @ChrFolini |
Thanks for helping keep SourceForge clean.
X