mod-security-users Mailing List for ModSecurity (Page 28)
Brought to you by:
victorhora,
zimmerletw
Menu
▾
▴
mod-security-users — General discussion about mod_security
You can subscribe to this list here.
| 2003 |
Jan
|
Feb
|
Mar
|
Apr
|
May
|
Jun
(2) |
Jul
(17) |
Aug
(7) |
Sep
(8) |
Oct
(11) |
Nov
(14) |
Dec
(19) |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 2004 |
Jan
(46) |
Feb
(14) |
Mar
(20) |
Apr
(48) |
May
(15) |
Jun
(20) |
Jul
(36) |
Aug
(24) |
Sep
(31) |
Oct
(28) |
Nov
(23) |
Dec
(12) |
| 2005 |
Jan
(69) |
Feb
(61) |
Mar
(82) |
Apr
(53) |
May
(26) |
Jun
(71) |
Jul
(27) |
Aug
(52) |
Sep
(28) |
Oct
(49) |
Nov
(104) |
Dec
(74) |
| 2006 |
Jan
(61) |
Feb
(148) |
Mar
(82) |
Apr
(139) |
May
(65) |
Jun
(116) |
Jul
(92) |
Aug
(101) |
Sep
(84) |
Oct
(103) |
Nov
(174) |
Dec
(102) |
| 2007 |
Jan
(166) |
Feb
(161) |
Mar
(181) |
Apr
(152) |
May
(192) |
Jun
(250) |
Jul
(127) |
Aug
(165) |
Sep
(97) |
Oct
(135) |
Nov
(206) |
Dec
(56) |
| 2008 |
Jan
(160) |
Feb
(135) |
Mar
(98) |
Apr
(89) |
May
(115) |
Jun
(95) |
Jul
(188) |
Aug
(167) |
Sep
(153) |
Oct
(84) |
Nov
(82) |
Dec
(85) |
| 2009 |
Jan
(139) |
Feb
(133) |
Mar
(128) |
Apr
(105) |
May
(135) |
Jun
(79) |
Jul
(92) |
Aug
(134) |
Sep
(73) |
Oct
(112) |
Nov
(159) |
Dec
(80) |
| 2010 |
Jan
(100) |
Feb
(116) |
Mar
(130) |
Apr
(59) |
May
(88) |
Jun
(59) |
Jul
(69) |
Aug
(67) |
Sep
(82) |
Oct
(76) |
Nov
(59) |
Dec
(34) |
| 2011 |
Jan
(84) |
Feb
(74) |
Mar
(81) |
Apr
(94) |
May
(188) |
Jun
(72) |
Jul
(118) |
Aug
(109) |
Sep
(111) |
Oct
(80) |
Nov
(51) |
Dec
(44) |
| 2012 |
Jan
(80) |
Feb
(123) |
Mar
(46) |
Apr
(12) |
May
(40) |
Jun
(62) |
Jul
(95) |
Aug
(66) |
Sep
(65) |
Oct
(53) |
Nov
(42) |
Dec
(60) |
| 2013 |
Jan
(96) |
Feb
(96) |
Mar
(108) |
Apr
(72) |
May
(115) |
Jun
(111) |
Jul
(114) |
Aug
(87) |
Sep
(93) |
Oct
(97) |
Nov
(104) |
Dec
(82) |
| 2014 |
Jan
(96) |
Feb
(77) |
Mar
(71) |
Apr
(40) |
May
(48) |
Jun
(78) |
Jul
(54) |
Aug
(44) |
Sep
(58) |
Oct
(79) |
Nov
(51) |
Dec
(52) |
| 2015 |
Jan
(55) |
Feb
(59) |
Mar
(48) |
Apr
(40) |
May
(45) |
Jun
(63) |
Jul
(36) |
Aug
(49) |
Sep
(35) |
Oct
(58) |
Nov
(21) |
Dec
(47) |
| 2016 |
Jan
(35) |
Feb
(81) |
Mar
(43) |
Apr
(41) |
May
(77) |
Jun
(52) |
Jul
(39) |
Aug
(34) |
Sep
(107) |
Oct
(67) |
Nov
(54) |
Dec
(20) |
| 2017 |
Jan
(99) |
Feb
(37) |
Mar
(86) |
Apr
(47) |
May
(57) |
Jun
(55) |
Jul
(34) |
Aug
(31) |
Sep
(16) |
Oct
(49) |
Nov
(53) |
Dec
(33) |
| 2018 |
Jan
(25) |
Feb
(11) |
Mar
(79) |
Apr
(77) |
May
(5) |
Jun
(19) |
Jul
(17) |
Aug
(7) |
Sep
(13) |
Oct
(22) |
Nov
(13) |
Dec
(68) |
| 2019 |
Jan
(44) |
Feb
(17) |
Mar
(40) |
Apr
(39) |
May
(18) |
Jun
(14) |
Jul
(20) |
Aug
(31) |
Sep
(11) |
Oct
(35) |
Nov
(3) |
Dec
(10) |
| 2020 |
Jan
(32) |
Feb
(16) |
Mar
(10) |
Apr
(22) |
May
(2) |
Jun
(34) |
Jul
(1) |
Aug
(8) |
Sep
(36) |
Oct
(16) |
Nov
(13) |
Dec
(10) |
| 2021 |
Jan
(16) |
Feb
(23) |
Mar
(45) |
Apr
(28) |
May
(6) |
Jun
(17) |
Jul
(8) |
Aug
(1) |
Sep
(2) |
Oct
(35) |
Nov
|
Dec
(5) |
| 2022 |
Jan
|
Feb
(17) |
Mar
(23) |
Apr
(23) |
May
(9) |
Jun
(8) |
Jul
|
Aug
|
Sep
(7) |
Oct
(5) |
Nov
(16) |
Dec
(4) |
| 2023 |
Jan
|
Feb
|
Mar
(3) |
Apr
|
May
(1) |
Jun
(4) |
Jul
(1) |
Aug
|
Sep
(2) |
Oct
(1) |
Nov
|
Dec
|
| 2024 |
Jan
(7) |
Feb
(13) |
Mar
(18) |
Apr
|
May
|
Jun
|
Jul
|
Aug
|
Sep
(2) |
Oct
(1) |
Nov
(5) |
Dec
(3) |
| 2025 |
Jan
|
Feb
|
Mar
|
Apr
(12) |
May
(12) |
Jun
(2) |
Jul
(3) |
Aug
|
Sep
|
Oct
|
Nov
|
Dec
|
|
From: Felipe Z. <fe...@zi...> - 2019-08-07 00:46:21
|
My pleasure. Hope to see everything working soon. Br., Felipe On Tue, Aug 6, 2019 at 6:40 PM Christian Folini <chr...@ne...> wrote: > Thank you for your advice Felipe. I'll act accordingly. > > Cheers, > > Christian > > On Wed, Jul 31, 2019 at 10:40:14PM -0300, Felipe Zimmerle wrote: > > Hi Folini, > > > > I am afraid I cannot help you on that matter because I was not part of > > those discussions, I was not in the summit nor CC'ed in any of those > > emails. I thought you guys had an agreement, my fault. > > > > My advice to you is to talk to the peers that you have already started a > > discussion. So We can better understand the progress/status of those > items. > > Please put me in the loop, so I will be able to be more helpful. > > > > Br., > > Felipe. > > > > > > > > On Wed, Jul 31, 2019 at 4:56 PM Christian Folini < > > chr...@ne...> wrote: > > > > > Hello Felipe, > > > > > > On Wed, Jul 31, 2019 at 01:34:02PM -0300, Felipe Zimmerle wrote: > > > > In regarding the content of the website. if I am not mistaken, you > had a > > > > discussion with Ziv Mador (Responsible for ModSecurity project on > > > > Trustwave) about that matter and you guys came to an agreement on > it, am > > > I > > > > right? > > > > > > It has been years since I last talked to Ziv. I remember us > disagreeing on > > > the question of the separate website for the OWASP ModSecurity Core > Rule > > > Set > > > project. I do not remember an agreement though. Please enlighten me, > if you > > > do. > > > > > > On the other hand, I remember Joe Hopp promising us to take care of > this > > > problem last Summer. All in all we have probably written up to a dozen > of > > > messages to several people at Trustwave to > > > > > > - have modsecurity.org/crs redirect to coreruleset.org > > > - have the link in the subtitle of > > > https://github.com/SpiderLabs/owasp-modsecurity-crs > > > point to coreruleset.org instead of modsecurity.org/crs > > > > > > but without luck so far and most of the time without getting a > response. > > > > > > It feels like Trustwave wants to punish the OWASP ModSecurity > > > Core Rule Set project for taking the decision to create its own > website. > > > I do not know if this is the case, but I do not really see any reason > > > why Trustwave would insist to keep people in the dark about the > > > latest information about our project. > > > > > > We are running a blog on coreruleset.org. However, the people landing > on > > > modsecurity.org/crs won't see that blog ever. To name but one > shortcoming. > > > > > > Cheers, > > > > > > Christian on behalf of the OWASP ModSecurity Core Rule Set project > > > > > > > > > -- > > > I don't believe that we have come to the end of the democratic > experiment. > > > -- Bruce Schneier > > > > > > > > > _______________________________________________ > > > mod-security-users mailing list > > > mod...@li... > > > https://lists.sourceforge.net/lists/listinfo/mod-security-users > > > Commercial ModSecurity Rules and Support from Trustwave's SpiderLabs: > > > http://www.modsecurity.org/projects/commercial/rules/ > > > http://www.modsecurity.org/projects/commercial/support/ > > > > > > > > > -- > > Br., > > Felipe Zimmerle > > > > _______________________________________________ > > mod-security-users mailing list > > mod...@li... > > https://lists.sourceforge.net/lists/listinfo/mod-security-users > > Commercial ModSecurity Rules and Support from Trustwave's SpiderLabs: > > http://www.modsecurity.org/projects/commercial/rules/ > > http://www.modsecurity.org/projects/commercial/support/ > > > > _______________________________________________ > mod-security-users mailing list > mod...@li... > https://lists.sourceforge.net/lists/listinfo/mod-security-users > Commercial ModSecurity Rules and Support from Trustwave's SpiderLabs: > http://www.modsecurity.org/projects/commercial/rules/ > http://www.modsecurity.org/projects/commercial/support/ > -- Br., Felipe Zimmerle |
|
From: Christian F. <chr...@ne...> - 2019-08-06 21:40:29
|
Thank you for your advice Felipe. I'll act accordingly. Cheers, Christian On Wed, Jul 31, 2019 at 10:40:14PM -0300, Felipe Zimmerle wrote: > Hi Folini, > > I am afraid I cannot help you on that matter because I was not part of > those discussions, I was not in the summit nor CC'ed in any of those > emails. I thought you guys had an agreement, my fault. > > My advice to you is to talk to the peers that you have already started a > discussion. So We can better understand the progress/status of those items. > Please put me in the loop, so I will be able to be more helpful. > > Br., > Felipe. > > > > On Wed, Jul 31, 2019 at 4:56 PM Christian Folini < > chr...@ne...> wrote: > > > Hello Felipe, > > > > On Wed, Jul 31, 2019 at 01:34:02PM -0300, Felipe Zimmerle wrote: > > > In regarding the content of the website. if I am not mistaken, you had a > > > discussion with Ziv Mador (Responsible for ModSecurity project on > > > Trustwave) about that matter and you guys came to an agreement on it, am > > I > > > right? > > > > It has been years since I last talked to Ziv. I remember us disagreeing on > > the question of the separate website for the OWASP ModSecurity Core Rule > > Set > > project. I do not remember an agreement though. Please enlighten me, if you > > do. > > > > On the other hand, I remember Joe Hopp promising us to take care of this > > problem last Summer. All in all we have probably written up to a dozen of > > messages to several people at Trustwave to > > > > - have modsecurity.org/crs redirect to coreruleset.org > > - have the link in the subtitle of > > https://github.com/SpiderLabs/owasp-modsecurity-crs > > point to coreruleset.org instead of modsecurity.org/crs > > > > but without luck so far and most of the time without getting a response. > > > > It feels like Trustwave wants to punish the OWASP ModSecurity > > Core Rule Set project for taking the decision to create its own website. > > I do not know if this is the case, but I do not really see any reason > > why Trustwave would insist to keep people in the dark about the > > latest information about our project. > > > > We are running a blog on coreruleset.org. However, the people landing on > > modsecurity.org/crs won't see that blog ever. To name but one shortcoming. > > > > Cheers, > > > > Christian on behalf of the OWASP ModSecurity Core Rule Set project > > > > > > -- > > I don't believe that we have come to the end of the democratic experiment. > > -- Bruce Schneier > > > > > > _______________________________________________ > > mod-security-users mailing list > > mod...@li... > > https://lists.sourceforge.net/lists/listinfo/mod-security-users > > Commercial ModSecurity Rules and Support from Trustwave's SpiderLabs: > > http://www.modsecurity.org/projects/commercial/rules/ > > http://www.modsecurity.org/projects/commercial/support/ > > > > > -- > Br., > Felipe Zimmerle > _______________________________________________ > mod-security-users mailing list > mod...@li... > https://lists.sourceforge.net/lists/listinfo/mod-security-users > Commercial ModSecurity Rules and Support from Trustwave's SpiderLabs: > http://www.modsecurity.org/projects/commercial/rules/ > http://www.modsecurity.org/projects/commercial/support/ |
|
From: Felipe Z. <fe...@zi...> - 2019-08-01 01:41:05
|
Hi Folini, I am afraid I cannot help you on that matter because I was not part of those discussions, I was not in the summit nor CC'ed in any of those emails. I thought you guys had an agreement, my fault. My advice to you is to talk to the peers that you have already started a discussion. So We can better understand the progress/status of those items. Please put me in the loop, so I will be able to be more helpful. Br., Felipe. On Wed, Jul 31, 2019 at 4:56 PM Christian Folini < chr...@ne...> wrote: > Hello Felipe, > > On Wed, Jul 31, 2019 at 01:34:02PM -0300, Felipe Zimmerle wrote: > > In regarding the content of the website. if I am not mistaken, you had a > > discussion with Ziv Mador (Responsible for ModSecurity project on > > Trustwave) about that matter and you guys came to an agreement on it, am > I > > right? > > It has been years since I last talked to Ziv. I remember us disagreeing on > the question of the separate website for the OWASP ModSecurity Core Rule > Set > project. I do not remember an agreement though. Please enlighten me, if you > do. > > On the other hand, I remember Joe Hopp promising us to take care of this > problem last Summer. All in all we have probably written up to a dozen of > messages to several people at Trustwave to > > - have modsecurity.org/crs redirect to coreruleset.org > - have the link in the subtitle of > https://github.com/SpiderLabs/owasp-modsecurity-crs > point to coreruleset.org instead of modsecurity.org/crs > > but without luck so far and most of the time without getting a response. > > It feels like Trustwave wants to punish the OWASP ModSecurity > Core Rule Set project for taking the decision to create its own website. > I do not know if this is the case, but I do not really see any reason > why Trustwave would insist to keep people in the dark about the > latest information about our project. > > We are running a blog on coreruleset.org. However, the people landing on > modsecurity.org/crs won't see that blog ever. To name but one shortcoming. > > Cheers, > > Christian on behalf of the OWASP ModSecurity Core Rule Set project > > > -- > I don't believe that we have come to the end of the democratic experiment. > -- Bruce Schneier > > > _______________________________________________ > mod-security-users mailing list > mod...@li... > https://lists.sourceforge.net/lists/listinfo/mod-security-users > Commercial ModSecurity Rules and Support from Trustwave's SpiderLabs: > http://www.modsecurity.org/projects/commercial/rules/ > http://www.modsecurity.org/projects/commercial/support/ > -- Br., Felipe Zimmerle |
|
From: Christian F. <chr...@ne...> - 2019-07-31 19:56:49
|
Hello Felipe, On Wed, Jul 31, 2019 at 01:34:02PM -0300, Felipe Zimmerle wrote: > In regarding the content of the website. if I am not mistaken, you had a > discussion with Ziv Mador (Responsible for ModSecurity project on > Trustwave) about that matter and you guys came to an agreement on it, am I > right? It has been years since I last talked to Ziv. I remember us disagreeing on the question of the separate website for the OWASP ModSecurity Core Rule Set project. I do not remember an agreement though. Please enlighten me, if you do. On the other hand, I remember Joe Hopp promising us to take care of this problem last Summer. All in all we have probably written up to a dozen of messages to several people at Trustwave to - have modsecurity.org/crs redirect to coreruleset.org - have the link in the subtitle of https://github.com/SpiderLabs/owasp-modsecurity-crs point to coreruleset.org instead of modsecurity.org/crs but without luck so far and most of the time without getting a response. It feels like Trustwave wants to punish the OWASP ModSecurity Core Rule Set project for taking the decision to create its own website. I do not know if this is the case, but I do not really see any reason why Trustwave would insist to keep people in the dark about the latest information about our project. We are running a blog on coreruleset.org. However, the people landing on modsecurity.org/crs won't see that blog ever. To name but one shortcoming. Cheers, Christian on behalf of the OWASP ModSecurity Core Rule Set project -- I don't believe that we have come to the end of the democratic experiment. -- Bruce Schneier |
|
From: Felipe Z. <fe...@zi...> - 2019-07-31 16:34:52
|
Hi Folini, Sorry if I was not clear, the ones who are working on it is the IT team on Trustwave. I don't have access to the CA to issue the certificate nor update the certificate. That is up to Trustwave's IT department. In regarding the content of the website. if I am not mistaken, you had a discussion with Ziv Mador (Responsible for ModSecurity project on Trustwave) about that matter and you guys came to an agreement on it, am I right? Br., Felipe. On Wed, Jul 31, 2019 at 1:21 AM Christian Folini < chr...@ne...> wrote: > Hey Felipe, > > While you are at it, would you mind redirecting > http://modsecurity.org/crs/ > to https://coreruleset.org? The page Trustwave is hosting is outdated and > some > of the information is too. > > We have a long standing "issue" concerning this > https://github.com/SpiderLabs/owasp-modsecurity-crs/issues/996 > and we'd like to be able to close it. > > Best, > > Christian, on behalf of the CRS team > > > On Tue, Jul 30, 2019 at 07:41:53PM -0300, Felipe Zimmerle wrote: > > Hi, Christopher > > > > Thank you for the report. > > > > Yes, Trustwave is the one in charge of the website. They are already > aware > > that that certificate is expired. IT department is taking care of it. > > > > Br., > > Felipe. > > > > > > > > > > On Tue, Jul 30, 2019 at 7:07 PM Felipe Rocha <fel...@gm...> > wrote: > > > > > Trustwave, I think. > > > > > > On Tue, Jul 30, 2019 at 6:58 PM Christopher Schultz < > > > ch...@ch...> wrote: > > > > > >> Hi there, > > >> > > >> I went to look for something on the site and I found that the TLS > > >> certificate has expired yesterday. > > >> > > >> I tried to check the mailing list archives but literally all of the > > >> links to the archives are broken as well. > > >> > > >> Is anyone maintaining the web site? > > >> > > >> Thanks, > > >> -chris > > >> > > >> _______________________________________________ > > >> mod-security-users mailing list > > >> mod...@li... > > >> https://lists.sourceforge.net/lists/listinfo/mod-security-users > > >> Commercial ModSecurity Rules and Support from Trustwave's SpiderLabs: > > >> http://www.modsecurity.org/projects/commercial/rules/ > > >> http://www.modsecurity.org/projects/commercial/support/ > > >> > > > _______________________________________________ > > > mod-security-users mailing list > > > mod...@li... > > > https://lists.sourceforge.net/lists/listinfo/mod-security-users > > > Commercial ModSecurity Rules and Support from Trustwave's SpiderLabs: > > > http://www.modsecurity.org/projects/commercial/rules/ > > > http://www.modsecurity.org/projects/commercial/support/ > > > > > > > > > -- > > Br., > > Felipe Zimmerle > > > > _______________________________________________ > > mod-security-users mailing list > > mod...@li... > > https://lists.sourceforge.net/lists/listinfo/mod-security-users > > Commercial ModSecurity Rules and Support from Trustwave's SpiderLabs: > > http://www.modsecurity.org/projects/commercial/rules/ > > http://www.modsecurity.org/projects/commercial/support/ > > > > _______________________________________________ > mod-security-users mailing list > mod...@li... > https://lists.sourceforge.net/lists/listinfo/mod-security-users > Commercial ModSecurity Rules and Support from Trustwave's SpiderLabs: > http://www.modsecurity.org/projects/commercial/rules/ > http://www.modsecurity.org/projects/commercial/support/ > -- Br., Felipe Zimmerle |
|
From: Christian F. <chr...@ne...> - 2019-07-31 04:21:25
|
Hey Felipe, While you are at it, would you mind redirecting http://modsecurity.org/crs/ to https://coreruleset.org? The page Trustwave is hosting is outdated and some of the information is too. We have a long standing "issue" concerning this https://github.com/SpiderLabs/owasp-modsecurity-crs/issues/996 and we'd like to be able to close it. Best, Christian, on behalf of the CRS team On Tue, Jul 30, 2019 at 07:41:53PM -0300, Felipe Zimmerle wrote: > Hi, Christopher > > Thank you for the report. > > Yes, Trustwave is the one in charge of the website. They are already aware > that that certificate is expired. IT department is taking care of it. > > Br., > Felipe. > > > > > On Tue, Jul 30, 2019 at 7:07 PM Felipe Rocha <fel...@gm...> wrote: > > > Trustwave, I think. > > > > On Tue, Jul 30, 2019 at 6:58 PM Christopher Schultz < > > ch...@ch...> wrote: > > > >> Hi there, > >> > >> I went to look for something on the site and I found that the TLS > >> certificate has expired yesterday. > >> > >> I tried to check the mailing list archives but literally all of the > >> links to the archives are broken as well. > >> > >> Is anyone maintaining the web site? > >> > >> Thanks, > >> -chris > >> > >> _______________________________________________ > >> mod-security-users mailing list > >> mod...@li... > >> https://lists.sourceforge.net/lists/listinfo/mod-security-users > >> Commercial ModSecurity Rules and Support from Trustwave's SpiderLabs: > >> http://www.modsecurity.org/projects/commercial/rules/ > >> http://www.modsecurity.org/projects/commercial/support/ > >> > > _______________________________________________ > > mod-security-users mailing list > > mod...@li... > > https://lists.sourceforge.net/lists/listinfo/mod-security-users > > Commercial ModSecurity Rules and Support from Trustwave's SpiderLabs: > > http://www.modsecurity.org/projects/commercial/rules/ > > http://www.modsecurity.org/projects/commercial/support/ > > > > > -- > Br., > Felipe Zimmerle > _______________________________________________ > mod-security-users mailing list > mod...@li... > https://lists.sourceforge.net/lists/listinfo/mod-security-users > Commercial ModSecurity Rules and Support from Trustwave's SpiderLabs: > http://www.modsecurity.org/projects/commercial/rules/ > http://www.modsecurity.org/projects/commercial/support/ |
|
From: Felipe Z. <fe...@zi...> - 2019-07-30 22:42:42
|
Hi, Christopher Thank you for the report. Yes, Trustwave is the one in charge of the website. They are already aware that that certificate is expired. IT department is taking care of it. Br., Felipe. On Tue, Jul 30, 2019 at 7:07 PM Felipe Rocha <fel...@gm...> wrote: > Trustwave, I think. > > On Tue, Jul 30, 2019 at 6:58 PM Christopher Schultz < > ch...@ch...> wrote: > >> Hi there, >> >> I went to look for something on the site and I found that the TLS >> certificate has expired yesterday. >> >> I tried to check the mailing list archives but literally all of the >> links to the archives are broken as well. >> >> Is anyone maintaining the web site? >> >> Thanks, >> -chris >> >> _______________________________________________ >> mod-security-users mailing list >> mod...@li... >> https://lists.sourceforge.net/lists/listinfo/mod-security-users >> Commercial ModSecurity Rules and Support from Trustwave's SpiderLabs: >> http://www.modsecurity.org/projects/commercial/rules/ >> http://www.modsecurity.org/projects/commercial/support/ >> > _______________________________________________ > mod-security-users mailing list > mod...@li... > https://lists.sourceforge.net/lists/listinfo/mod-security-users > Commercial ModSecurity Rules and Support from Trustwave's SpiderLabs: > http://www.modsecurity.org/projects/commercial/rules/ > http://www.modsecurity.org/projects/commercial/support/ > -- Br., Felipe Zimmerle |
|
From: Felipe R. <fel...@gm...> - 2019-07-30 22:07:05
|
Trustwave, I think. On Tue, Jul 30, 2019 at 6:58 PM Christopher Schultz < ch...@ch...> wrote: > Hi there, > > I went to look for something on the site and I found that the TLS > certificate has expired yesterday. > > I tried to check the mailing list archives but literally all of the > links to the archives are broken as well. > > Is anyone maintaining the web site? > > Thanks, > -chris > > _______________________________________________ > mod-security-users mailing list > mod...@li... > https://lists.sourceforge.net/lists/listinfo/mod-security-users > Commercial ModSecurity Rules and Support from Trustwave's SpiderLabs: > http://www.modsecurity.org/projects/commercial/rules/ > http://www.modsecurity.org/projects/commercial/support/ > |
|
From: Christopher S. <ch...@ch...> - 2019-07-30 21:54:53
|
Hi there, I went to look for something on the site and I found that the TLS certificate has expired yesterday. I tried to check the mailing list archives but literally all of the links to the archives are broken as well. Is anyone maintaining the web site? Thanks, -chris |
|
From: Reindl H. <h.r...@th...> - 2019-07-13 13:12:27
|
Am 13.07.19 um 01:37 schrieb Penetration: > Hello > you can set SecStatusEngine to On./ in .htaccess or httpd.conf (global > config) > please send the result of this command > #httpd -M > thanks besides that either you subscribe regulary instead reply to digest mails which makes everything a mess (starting with the subject and threading) or just read only: the oiginal subject was "ModSecurity disabled?" and hecne i responded "you don't need it and it has *nothing* to do with modsecurity disabled" days ago https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/introducing-modsecurity-status-reporting/ > On Fri, Jul 12, 2019 at 4:45 PM > <mod...@li... > <mailto:mod...@li...>> wrote: > > Send mod-security-users mailing list submissions to > mod...@li... > <mailto:mod...@li...> > > To subscribe or unsubscribe via the World Wide Web, visit > https://lists.sourceforge.net/lists/listinfo/mod-security-users > or, via email, send a message with subject or body 'help' to > mod...@li... > <mailto:mod...@li...> > > You can reach the person managing the list at > mod...@li... > <mailto:mod...@li...> > > When replying, please edit your Subject line so it is more specific > than "Re: Contents of mod-security-users digest..." > > > Today's Topics: > > 1. ModSecurity disabled ? (Edouard Guign?) > 2. Re: ModSecurity disabled ? (Reindl Harald) > > > ---------------------------------------------------------------------- > > Message: 1 > Date: Thu, 11 Jul 2019 14:57:26 -0300 > From: Edouard Guign? <eg...@pa... > <mailto:eg...@pa...>> > To: mod...@li... > <mailto:mod...@li...> > Subject: [mod-security-users] ModSecurity disabled ? > Message-ID: <3ae...@pa... > <mailto:3ae...@pa...>> > Content-Type: text/plain; charset="utf-8"; Format="flowed" > > Hello, > > I set mod_sec with apache. > > When I start apache service, I noticed : > > /ModSecurity: Status engine is currently disabled, enable it by set > SecStatusEngine to On./ > > What does it mean ? > Do I have to add? SecStatusEngine directive in httpd.conf ? > I am using virtual host conf file, as reverse proxy. > > Best Regards, > > EdG > > -------------- next part -------------- > An HTML attachment was scrubbed... > > ------------------------------ > > Message: 2 > Date: Thu, 11 Jul 2019 20:23:04 +0200 > From: Reindl Harald <h.r...@th... > <mailto:h.r...@th...>> > To: mod...@li... > <mailto:mod...@li...> > Subject: Re: [mod-security-users] ModSecurity disabled ? > Message-ID: <740...@th... > <mailto:740...@th...>> > Content-Type: text/plain; charset=utf-8 > > > > Am 11.07.19 um 19:57 schrieb Edouard Guign?: > > I set mod_sec with apache. > > > > When I start apache service, I noticed : > > > > /ModSecurity: Status engine is currently disabled, enable it by set > > SecStatusEngine to On./ > > > > What does it mean ? > > Do I have to add? SecStatusEngine directive in httpd.conf ? > > I am using virtual host conf file, as reverse proxy. > > you don't need it and it has *nothing* to do with "modsecurity disabled" > > https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/introducing-modsecurity-status-reporting/ |
|
From: <eg...@pa...> - 2019-07-13 01:35:17
|
Hello, I apologize, but I need more informations about you before answer you about this. Who are you ? And what is your relation with mod-security ? According Reindl Harald "I don't need" to set SecStatusEngine to On Best Regards ---------------------------- Message original ---------------------------- Objet: Re: [mod-security-users] mod-security-users Digest, Vol 158, Issue 6 De: "Penetration" <pen...@se...> Date: Ven 12 juillet 2019 20:37 À: "mod-security-users" <mod...@li...> -------------------------------------------------------------------------- Hello you can set SecStatusEngine to On./ in .htaccess or httpd.conf (global config) please send the result of this command #httpd -M thanks On Fri, Jul 12, 2019 at 4:45 PM < mod...@li...> wrote: > Send mod-security-users mailing list submissions to > mod...@li... > > To subscribe or unsubscribe via the World Wide Web, visit > https://lists.sourceforge.net/lists/listinfo/mod-security-users > or, via email, send a message with subject or body 'help' to > mod...@li... > > You can reach the person managing the list at > mod...@li... > > When replying, please edit your Subject line so it is more specific > than "Re: Contents of mod-security-users digest..." > > > Today's Topics: > > 1. ModSecurity disabled ? (Edouard Guign?) > 2. Re: ModSecurity disabled ? (Reindl Harald) > > > ---------------------------------------------------------------------- > > Message: 1 > Date: Thu, 11 Jul 2019 14:57:26 -0300 > From: Edouard Guign? <eg...@pa...> > To: mod...@li... > Subject: [mod-security-users] ModSecurity disabled ? > Message-ID: <3ae...@pa...> > Content-Type: text/plain; charset="utf-8"; Format="flowed" > > Hello, > > I set mod_sec with apache. > > When I start apache service, I noticed : > > /ModSecurity: Status engine is currently disabled, enable it by set > SecStatusEngine to On./ > > What does it mean ? > Do I have to add? SecStatusEngine directive in httpd.conf ? > I am using virtual host conf file, as reverse proxy. > > Best Regards, > > EdG > > -------------- next part -------------- > An HTML attachment was scrubbed... > > ------------------------------ > > Message: 2 > Date: Thu, 11 Jul 2019 20:23:04 +0200 > From: Reindl Harald <h.r...@th...> > To: mod...@li... > Subject: Re: [mod-security-users] ModSecurity disabled ? > Message-ID: <740...@th...> > Content-Type: text/plain; charset=utf-8 > > > > Am 11.07.19 um 19:57 schrieb Edouard Guign?: > > I set mod_sec with apache. > > > > When I start apache service, I noticed : > > > > /ModSecurity: Status engine is currently disabled, enable it by set > > SecStatusEngine to On./ > > > > What does it mean ? > > Do I have to add? SecStatusEngine directive in httpd.conf ? > > I am using virtual host conf file, as reverse proxy. > > you don't need it and it has *nothing* to do with "modsecurity disabled" > > > https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/introducing-modsecurity-status-reporting/ > > > > ------------------------------ > > > > ------------------------------ > > Subject: Digest Footer > > _______________________________________________ > mod-security-users mailing list > mod...@li... > https://lists.sourceforge.net/lists/listinfo/mod-security-users > > > ------------------------------ > > End of mod-security-users Digest, Vol 158, Issue 6 > ************************************************** > _______________________________________________ mod-security-users mailing list mod...@li... https://lists.sourceforge.net/lists/listinfo/mod-security-users Commercial ModSecurity Rules and Support from Trustwave's SpiderLabs: http://www.modsecurity.org/projects/commercial/rules/ http://www.modsecurity.org/projects/commercial/support/ |
|
From: Penetration <pen...@se...> - 2019-07-12 23:38:25
|
Hello you can set SecStatusEngine to On./ in .htaccess or httpd.conf (global config) please send the result of this command #httpd -M thanks On Fri, Jul 12, 2019 at 4:45 PM < mod...@li...> wrote: > Send mod-security-users mailing list submissions to > mod...@li... > > To subscribe or unsubscribe via the World Wide Web, visit > https://lists.sourceforge.net/lists/listinfo/mod-security-users > or, via email, send a message with subject or body 'help' to > mod...@li... > > You can reach the person managing the list at > mod...@li... > > When replying, please edit your Subject line so it is more specific > than "Re: Contents of mod-security-users digest..." > > > Today's Topics: > > 1. ModSecurity disabled ? (Edouard Guign?) > 2. Re: ModSecurity disabled ? (Reindl Harald) > > > ---------------------------------------------------------------------- > > Message: 1 > Date: Thu, 11 Jul 2019 14:57:26 -0300 > From: Edouard Guign? <eg...@pa...> > To: mod...@li... > Subject: [mod-security-users] ModSecurity disabled ? > Message-ID: <3ae...@pa...> > Content-Type: text/plain; charset="utf-8"; Format="flowed" > > Hello, > > I set mod_sec with apache. > > When I start apache service, I noticed : > > /ModSecurity: Status engine is currently disabled, enable it by set > SecStatusEngine to On./ > > What does it mean ? > Do I have to add? SecStatusEngine directive in httpd.conf ? > I am using virtual host conf file, as reverse proxy. > > Best Regards, > > EdG > > -------------- next part -------------- > An HTML attachment was scrubbed... > > ------------------------------ > > Message: 2 > Date: Thu, 11 Jul 2019 20:23:04 +0200 > From: Reindl Harald <h.r...@th...> > To: mod...@li... > Subject: Re: [mod-security-users] ModSecurity disabled ? > Message-ID: <740...@th...> > Content-Type: text/plain; charset=utf-8 > > > > Am 11.07.19 um 19:57 schrieb Edouard Guign?: > > I set mod_sec with apache. > > > > When I start apache service, I noticed : > > > > /ModSecurity: Status engine is currently disabled, enable it by set > > SecStatusEngine to On./ > > > > What does it mean ? > > Do I have to add? SecStatusEngine directive in httpd.conf ? > > I am using virtual host conf file, as reverse proxy. > > you don't need it and it has *nothing* to do with "modsecurity disabled" > > > https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/introducing-modsecurity-status-reporting/ > > > > ------------------------------ > > > > ------------------------------ > > Subject: Digest Footer > > _______________________________________________ > mod-security-users mailing list > mod...@li... > https://lists.sourceforge.net/lists/listinfo/mod-security-users > > > ------------------------------ > > End of mod-security-users Digest, Vol 158, Issue 6 > ************************************************** > |
|
From: Reindl H. <h.r...@th...> - 2019-07-11 18:23:23
|
Am 11.07.19 um 19:57 schrieb Edouard Guigné: > I set mod_sec with apache. > > When I start apache service, I noticed : > > /ModSecurity: Status engine is currently disabled, enable it by set > SecStatusEngine to On./ > > What does it mean ? > Do I have to add SecStatusEngine directive in httpd.conf ? > I am using virtual host conf file, as reverse proxy. you don't need it and it has *nothing* to do with "modsecurity disabled" https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/introducing-modsecurity-status-reporting/ |
|
From: Edouard G. <eg...@pa...> - 2019-07-11 18:17:20
|
Hello, I set mod_sec with apache. When I start apache service, I noticed : /ModSecurity: Status engine is currently disabled, enable it by set SecStatusEngine to On./ What does it mean ? Do I have to add SecStatusEngine directive in httpd.conf ? I am using virtual host conf file, as reverse proxy. Best Regards, EdG |
|
From: Reindl H. <h.r...@th...> - 2019-07-07 16:35:07
|
Am 07.07.19 um 18:26 schrieb Ted Talaiti: > stop your mail please this is a pretty dumb response to a link how to unsubscribe days ago instead stop *your* list spamming and unsubsribe like everybody but you is capable to do mailto:mod...@li...?subject=unsubscribe > ------------------------------------------------------------------------ > *From:* Ervin Hegedüs <ai...@gm...> > *Sent:* Wednesday, July 3, 2019 9:47 AM > *To:* mod...@li... > *Subject:* Re: [mod-security-users] Varnish modsecurity binding > > On Wed, Jul 03, 2019 at 08:09:55AM +0000, Ted Talaiti wrote: >> >> stop your mail please > > please review this page: > > https://sourceforge.net/projects/mod-security/lists/mod-security-users/unsubscribe > > enter your e-mail address, and see what happens... |
|
From: Ted T. <tal...@ho...> - 2019-07-07 16:26:56
|
stop your mail please ________________________________ From: Ervin Hegedüs <ai...@gm...> Sent: Wednesday, July 3, 2019 9:47 AM To: mod...@li... Subject: Re: [mod-security-users] Varnish modsecurity binding On Wed, Jul 03, 2019 at 08:09:55AM +0000, Ted Talaiti wrote: > > stop your mail please please review this page: https://sourceforge.net/projects/mod-security/lists/mod-security-users/unsubscribe enter your e-mail address, and see what happens... Regards, a. _______________________________________________ mod-security-users mailing list mod...@li... https://lists.sourceforge.net/lists/listinfo/mod-security-users Commercial ModSecurity Rules and Support from Trustwave's SpiderLabs: http://www.modsecurity.org/projects/commercial/rules/ http://www.modsecurity.org/projects/commercial/support/ |
|
From: Felipe Z. <fe...@zi...> - 2019-07-03 13:30:20
|
Hi Xavier, Thank you for the effort on that. I am sure that is a precious addition to the libModSecurity family. I am delighted to see the bindings and how the community is fastly growing around libModSecurity. It is terrific to see people from the community engaged in contributing. Currently, we also have bindings for Python that is also maintained by the community - https://github.com/actions-security/pymodsecurity For me, this means a lot; The possibility of extendability (by bindings and others) was discussed back on the decision to move forward and create version 3 [ http://blog.zimmerle.org/2016/01/an-overview-of-upcoming-libmodsecurity.html ]. So, thank you ;) I have added your project to libModSecurity README file - https://github.com/SpiderLabs/ModSecurity/blob/v3/master/README.md#bindings Br., Felipe On Mon, Jul 1, 2019 at 2:15 PM Xavier De Cock <xd...@gm...> wrote: > Hello, > > As the use case became apparent in a company i work for, i've implemented > a small binding for the varnish proxy software. This should be considered a > proof of concept between alpha and beta quality. > > However to be able to stabilise the vmod, tests will prove useful. > > As with all project i recommend you yo test it on a staging env if > possible, review the code. > > Doc, test coverage & so on are still ongoing. But i'll be happy to take > any feedback and help make a contribution that will help other users. > > Currently most of it is ok, the body handling still need a more efficient > way of being done ( via varnish delivery (6.2) or fetch processor(6.1). But > i'm still searching for a way to access request privates variables. > > Thanks a lot for your attention and help. > > Regards, > > Xavier > > _______________________________________________ > mod-security-users mailing list > mod...@li... > https://lists.sourceforge.net/lists/listinfo/mod-security-users > Commercial ModSecurity Rules and Support from Trustwave's SpiderLabs: > http://www.modsecurity.org/projects/commercial/rules/ > http://www.modsecurity.org/projects/commercial/support/ > -- Br., Felipe Zimmerle |
|
From: Ervin H. <ai...@gm...> - 2019-07-03 09:47:27
|
On Wed, Jul 03, 2019 at 08:09:55AM +0000, Ted Talaiti wrote: > > stop your mail please please review this page: https://sourceforge.net/projects/mod-security/lists/mod-security-users/unsubscribe enter your e-mail address, and see what happens... Regards, a. |
|
From: Ted T. <tal...@ho...> - 2019-07-03 08:09:57
|
stop your mail please ________________________________ From: Xavier De Cock <xd...@gm...> Sent: Monday, July 1, 2019 5:34 PM To: mod...@li... Subject: Re: [mod-security-users] Varnish modsecurity binding And that's what i forgot :) https://github.com/xdecock/vmod-modsecurity The doc is readabke in the src/*.vcc Le lun. 1 juil. 2019 à 19:22, Christian Folini <chr...@ne...<mailto:chr...@ne...>> a écrit : Hello Xavier, This sounds interesting. Do you have a link perhaps? Ahoj, Christian On Mon, Jul 01, 2019 at 07:15:18PM +0200, Xavier De Cock wrote: > Hello, > > As the use case became apparent in a company i work for, i've implemented a > small binding for the varnish proxy software. This should be considered a > proof of concept between alpha and beta quality. > > However to be able to stabilise the vmod, tests will prove useful. > > As with all project i recommend you yo test it on a staging env if > possible, review the code. > > Doc, test coverage & so on are still ongoing. But i'll be happy to take any > feedback and help make a contribution that will help other users. > > Currently most of it is ok, the body handling still need a more efficient > way of being done ( via varnish delivery (6.2) or fetch processor(6.1). But > i'm still searching for a way to access request privates variables. > > Thanks a lot for your attention and help. > > Regards, > > Xavier > _______________________________________________ > mod-security-users mailing list > mod...@li...<mailto:mod...@li...> > https://lists.sourceforge.net/lists/listinfo/mod-security-users > Commercial ModSecurity Rules and Support from Trustwave's SpiderLabs: > http://www.modsecurity.org/projects/commercial/rules/ > http://www.modsecurity.org/projects/commercial/support/ _______________________________________________ mod-security-users mailing list mod...@li...<mailto:mod...@li...> https://lists.sourceforge.net/lists/listinfo/mod-security-users Commercial ModSecurity Rules and Support from Trustwave's SpiderLabs: http://www.modsecurity.org/projects/commercial/rules/ http://www.modsecurity.org/projects/commercial/support/ |
|
From: Xavier De C. <xd...@gm...> - 2019-07-01 17:34:11
|
And that's what i forgot :) https://github.com/xdecock/vmod-modsecurity The doc is readabke in the src/*.vcc Le lun. 1 juil. 2019 à 19:22, Christian Folini <chr...@ne...> a écrit : > Hello Xavier, > > This sounds interesting. Do you have a link perhaps? > > Ahoj, > > Christian > > On Mon, Jul 01, 2019 at 07:15:18PM +0200, Xavier De Cock wrote: > > Hello, > > > > As the use case became apparent in a company i work for, i've > implemented a > > small binding for the varnish proxy software. This should be considered a > > proof of concept between alpha and beta quality. > > > > However to be able to stabilise the vmod, tests will prove useful. > > > > As with all project i recommend you yo test it on a staging env if > > possible, review the code. > > > > Doc, test coverage & so on are still ongoing. But i'll be happy to take > any > > feedback and help make a contribution that will help other users. > > > > Currently most of it is ok, the body handling still need a more efficient > > way of being done ( via varnish delivery (6.2) or fetch processor(6.1). > But > > i'm still searching for a way to access request privates variables. > > > > Thanks a lot for your attention and help. > > > > Regards, > > > > Xavier > > > > _______________________________________________ > > mod-security-users mailing list > > mod...@li... > > https://lists.sourceforge.net/lists/listinfo/mod-security-users > > Commercial ModSecurity Rules and Support from Trustwave's SpiderLabs: > > http://www.modsecurity.org/projects/commercial/rules/ > > http://www.modsecurity.org/projects/commercial/support/ > > > > _______________________________________________ > mod-security-users mailing list > mod...@li... > https://lists.sourceforge.net/lists/listinfo/mod-security-users > Commercial ModSecurity Rules and Support from Trustwave's SpiderLabs: > http://www.modsecurity.org/projects/commercial/rules/ > http://www.modsecurity.org/projects/commercial/support/ > |
|
From: Christian F. <chr...@ne...> - 2019-07-01 17:20:30
|
Hello Xavier, This sounds interesting. Do you have a link perhaps? Ahoj, Christian On Mon, Jul 01, 2019 at 07:15:18PM +0200, Xavier De Cock wrote: > Hello, > > As the use case became apparent in a company i work for, i've implemented a > small binding for the varnish proxy software. This should be considered a > proof of concept between alpha and beta quality. > > However to be able to stabilise the vmod, tests will prove useful. > > As with all project i recommend you yo test it on a staging env if > possible, review the code. > > Doc, test coverage & so on are still ongoing. But i'll be happy to take any > feedback and help make a contribution that will help other users. > > Currently most of it is ok, the body handling still need a more efficient > way of being done ( via varnish delivery (6.2) or fetch processor(6.1). But > i'm still searching for a way to access request privates variables. > > Thanks a lot for your attention and help. > > Regards, > > Xavier > _______________________________________________ > mod-security-users mailing list > mod...@li... > https://lists.sourceforge.net/lists/listinfo/mod-security-users > Commercial ModSecurity Rules and Support from Trustwave's SpiderLabs: > http://www.modsecurity.org/projects/commercial/rules/ > http://www.modsecurity.org/projects/commercial/support/ |
|
From: Xavier De C. <xd...@gm...> - 2019-07-01 17:15:34
|
Hello, As the use case became apparent in a company i work for, i've implemented a small binding for the varnish proxy software. This should be considered a proof of concept between alpha and beta quality. However to be able to stabilise the vmod, tests will prove useful. As with all project i recommend you yo test it on a staging env if possible, review the code. Doc, test coverage & so on are still ongoing. But i'll be happy to take any feedback and help make a contribution that will help other users. Currently most of it is ok, the body handling still need a more efficient way of being done ( via varnish delivery (6.2) or fetch processor(6.1). But i'm still searching for a way to access request privates variables. Thanks a lot for your attention and help. Regards, Xavier |
|
From: Ted T. <tal...@ho...> - 2019-07-01 09:43:55
|
Hi Please Unsubscribe me from the list thanks ________________________________ From: Christian Folini <chr...@ne...> Sent: Thursday, June 27, 2019 9:22 PM To: mod...@li...; mod...@ow... Subject: [mod-security-users] OWASP ModSecurity Core Rule Set 3.1.1 released The OWASP ModSecurity Core Rule Set team is pleased to announce the CRS release v3.1.1. This is a minor release fixing a Regular Expression Denial of Service weakness (CVE-2019-11387) as well as some minor bugs and false positives. The CVE is only affecting users of the libModSecurity 3 release line and only under special circumstances. However, we advise all users to upgrade to this latest stable CRS release. We have been notified of 5 ReDoS problems in our rules in April. Upon closer inspection, only 1 of them proved real (the others were found in the naked regular expression, not taking payload transformation and protection mechanisms of the engine into consideration). Once this was established, we had to fix the regex without changing the detection capabilities of the affected rules. And this is what took us so long. But here we are. This is replacement for 3.1.0 with almost identical behavior (minus the ReDoS and a few other fixes). As always with point releases, there are no new rules and an update should thus be smooth and should not bring any new false positives. CRS 3.1 requires an Apache/IIS/NGINX web server with ModSecurity 2.8.0 or higher. CRS 3.1 will run on libModSecurity 3.0 on NGINX. Our GitHub repository is the preferred way to download and update CRS: $> wget https://github.com/SpiderLabs/owasp-modsecurity-crs/archive/v3.1.1.tar.gz For detailed installation instructions, see the INSTALL document. https://github.com/SpiderLabs/owasp-modsecurity-crs/blob/v3.1/dev/INSTALL Sincerely. Chaim Sanders, Walter Hop and Christian Folini on behalf of the OWASP ModSecurity Core Rule Set development team -- https://coreruleset.org - Follow us on twitter via @CoreRuleSet _______________________________________________ mod-security-users mailing list mod...@li... https://lists.sourceforge.net/lists/listinfo/mod-security-users Commercial ModSecurity Rules and Support from Trustwave's SpiderLabs: http://www.modsecurity.org/projects/commercial/rules/ http://www.modsecurity.org/projects/commercial/support/ |
|
From: Christian F. <chr...@ne...> - 2019-06-27 21:22:08
|
The OWASP ModSecurity Core Rule Set team is pleased to announce the CRS release v3.1.1. This is a minor release fixing a Regular Expression Denial of Service weakness (CVE-2019-11387) as well as some minor bugs and false positives. The CVE is only affecting users of the libModSecurity 3 release line and only under special circumstances. However, we advise all users to upgrade to this latest stable CRS release. We have been notified of 5 ReDoS problems in our rules in April. Upon closer inspection, only 1 of them proved real (the others were found in the naked regular expression, not taking payload transformation and protection mechanisms of the engine into consideration). Once this was established, we had to fix the regex without changing the detection capabilities of the affected rules. And this is what took us so long. But here we are. This is replacement for 3.1.0 with almost identical behavior (minus the ReDoS and a few other fixes). As always with point releases, there are no new rules and an update should thus be smooth and should not bring any new false positives. CRS 3.1 requires an Apache/IIS/NGINX web server with ModSecurity 2.8.0 or higher. CRS 3.1 will run on libModSecurity 3.0 on NGINX. Our GitHub repository is the preferred way to download and update CRS: $> wget https://github.com/SpiderLabs/owasp-modsecurity-crs/archive/v3.1.1.tar.gz For detailed installation instructions, see the INSTALL document. https://github.com/SpiderLabs/owasp-modsecurity-crs/blob/v3.1/dev/INSTALL Sincerely. Chaim Sanders, Walter Hop and Christian Folini on behalf of the OWASP ModSecurity Core Rule Set development team -- https://coreruleset.org - Follow us on twitter via @CoreRuleSet |
|
From: Chaim S. <ch...@ch...> - 2019-06-20 04:34:06
|
Please feel free to open a ticket on ModSecurity's github page. On Wed, Jun 19, 2019 at 3:48 AM Joachim Zauner <j.z...@ep...> wrote: > Hi, > i have started to test mod_security2 on openSuSE 42.3 some time ago. I > ran into a problem with incomplete output of the webpages (on Apache > with mod_php7). Once i disabled mod_security2, everything is fine again. > I tested the same on a new Server with newer openSuSE Release (15.1) > with all updates installed. Now i use php-fpm to serve PHP Content. I > still encounter the same problem. The error occures not on every Request > but on ~ 10%. I can reproduce by refreshing the same script. Also, the > Apache child process crashes with a Segmentation fault. Tested with > Apache prefork and event MPM. > > System: > - openSuSE 15.1 > - Apache 2.4.33 > - mod_security2 2.9.2 > > I currently use the default configuration without any activated rules > and "SecRuleEngine DetectionOnly" > > Thank you > > > > > > _______________________________________________ > mod-security-users mailing list > mod...@li... > https://lists.sourceforge.net/lists/listinfo/mod-security-users > Commercial ModSecurity Rules and Support from Trustwave's SpiderLabs: > http://www.modsecurity.org/projects/commercial/rules/ > http://www.modsecurity.org/projects/commercial/support/ > -- -- Chaim Sanders http://www.ChaimSanders.com |
139 messages has been excluded from this view by a project administrator.
