Thread: Re: [Mod-security-developers] how can i Involved in the project nginx
Brought to you by:
victorhora,
zimmerletw
From: Greg W. <gwr...@ho...> - 2012-08-11 01:34:13
|
We managed to show for the Black Hat that nginx version is certainly possible and our prototype could do a few things, but it still is in an experimental stage. We could certainly use some help in bringing it to a usable state. I think that we will add nginx version to JIRA eventually, but for now if you could share your changes we would merge them next week (while merging all versions into a single 2.7 branch). Greg > Message: 3 > Date: Fri, 10 Aug 2012 16:47:03 +0800 > From: yorkng zhuo <yor...@gm...> > Subject: [Mod-security-developers] how can i Involved in the project > that modsecurity for nginx > To: mod...@li... > Message-ID: > <CAKV5U6=Vxzbcp8QS=cdehj=LRP...@ma...> > Content-Type: text/plain; charset="utf-8" > > hi, all > i am testing modsecurity for nginx(source from the svn)?i found many bugs > in it, i want to commit patch, but JIRA haven't the project (mod for > nginx),how can i? |
From: Greg W. <gwr...@ho...> - 2012-08-11 01:37:40
|
I have a fix for this issue. There were a number of underallocations in IIS module leading to nondeterministic heap corruptions. The 32-bit version worked for me with this specific rule, but given the nature of the bug nothing is guaranteed. Greg > > > From: Bill Roemhild [mailto:con...@ho...] > > > Sent: Friday, August 10, 2012 9:38 AM > > To: Greg Wroblewski (SPARROW); Ryan Barnett > > Cc: owa...@li... > > Subject: RE: [Owasp-modsecurity-core-rule-set] @pmFromFile fails when using IIS along with modsecurity 2.7.0-RC2 > > > > > Maybe I should be asking if anyone else has been able to get this to work. > > |
From: Bill R. <con...@ho...> - 2012-08-13 14:30:15
|
I can confirm that setting the App Pool setting of "Enable 32-Bit Applications" to True does work. Thanks for your help guys. Bill From: gwr...@ho... To: mod...@li... Date: Fri, 10 Aug 2012 18:37:32 -0700 Subject: Re: [Mod-security-developers] [Owasp-modsecurity-core-rule-set] @pmFromFile fails when using IIS along with modsecurity 2.7.0-RC2 I have a fix for this issue. There were a number of underallocations in IIS module leading to nondeterministic heap corruptions. The 32-bit version worked for me with this specific rule, but given the nature of the bug nothing is guaranteed. Greg > > > From: Bill Roemhild [mailto:con...@ho...] > > > Sent: Friday, August 10, 2012 9:38 AM > > To: Greg Wroblewski (SPARROW); Ryan Barnett > > Cc: owa...@li... > > Subject: RE: [Owasp-modsecurity-core-rule-set] @pmFromFile fails when using IIS along with modsecurity 2.7.0-RC2 > > > > > Maybe I should be asking if anyone else has been able to get this to work. > > ------------------------------------------------------------------------------ Live Security Virtual Conference Exclusive live event will cover all the ways today's security and threat landscape has changed and how IT managers can respond. Discussions will include endpoint security, mobile security and the latest in malware threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/ _______________________________________________ mod-security-developers mailing list mod...@li... https://lists.sourceforge.net/lists/listinfo/mod-security-developers ModSecurity Services from Trustwave's SpiderLabs: https://www.trustwave.com/spiderLabs.php |
From: Alan S. <ala...@ac...> - 2012-08-11 02:18:16
|
Yes, I will merging and testing with my changes and repass for 2.7 branch. [ ]'s Alan On Friday, August 10, 2012 at 10:34 PM, Greg Wroblewski wrote: > We managed to show for the Black Hat that nginx version is certainly possible and our prototype could do a few things, but it still is in an experimental stage. > > We could certainly use some help in bringing it to a usable state. I think that we will add nginx version to JIRA eventually, but for now if you could share your changes we would merge them next week (while merging all versions into a single 2.7 branch). > > Greg > > > Message: 3 > > Date: Fri, 10 Aug 2012 16:47:03 +0800 > > From: yorkng zhuo <yor...@gm... (mailto:yor...@gm...)> > > Subject: [Mod-security-developers] how can i Involved in the project > > that modsecurity for nginx > > To: mod...@li... (mailto:mod...@li...) > > Message-ID: > > <CAKV5U6=Vxzbcp8QS=cdehj=LRP...@ma... (mailto:LRP...@ma...)> > > Content-Type: text/plain; charset="utf-8" > > > > hi, all > > i am testing modsecurity for nginx(source from the svn)?i found many bugs > > in it, i want to commit patch, but JIRA haven't the project (mod for > > nginx),how can i? > > ------------------------------------------------------------------------------ > Live Security Virtual Conference > Exclusive live event will cover all the ways today's security and > threat landscape has changed and how IT managers can respond. Discussions > will include endpoint security, mobile security and the latest in malware > threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/ > > _______________________________________________ > mod-security-developers mailing list > mod...@li... (mailto:mod...@li...) > https://lists.sourceforge.net/lists/listinfo/mod-security-developers > ModSecurity Services from Trustwave's SpiderLabs: > https://www.trustwave.com/spiderLabs.php > > |