Thread: [mod-security-users] OWA ruleset?
Brought to you by:
victorhora,
zimmerletw
From: Arthur F. <per...@gm...> - 2007-03-27 10:17:46
|
Hi there, I'm searching for a ModSecurity2 ruleset that protects my Outlook Web Access installation. Are there any available? Regards, Arthur |
From: Christian B. <ch...@jw...> - 2007-03-27 11:03:22
|
Hi Arthur! You probably think of a positive model of your web access application. I do not know about any profile for protection OWA. Most likely you can get a start with the modsecurity core ruleset which follows a different approach by matching known attack-patterns and customize that in order to fit your application. The core ruleset is not restricted to a specific application and should provide you with a basic protection against the most common attacks. When trying this you can make the rule-engine of modsecurity work in detection-only mode to just log malicious requests and monitor your application for a while. This way you can track down possible false-positives and customize the ruleset for your application without breaking its functionality. If you want to create a positive model you might want to have a look at the REMO ruleset editor which aims at exactly this task. REMO can be found at http://remo.netnea.com Regards, Chris Am 27.03.2007 um 11:39 schrieb Arthur Fonzarelli: > Hi there, > > I'm searching for a ModSecurity2 ruleset that protects my Outlook > Web Access > installation. Are there any available? > > Regards, > > Arthur > > > ---------------------------------------------------------------------- > --- > Take Surveys. Earn Cash. Influence the Future of IT > Join SourceForge.net's Techsay panel and you'll get the chance to > share your > opinions on IT & business topics through brief surveys-and earn cash > http://www.techsay.com/default.php? > page=join.php&p=sourceforge&CID=DEVDEV > _______________________________________________ > mod-security-users mailing list > mod...@li... > https://lists.sourceforge.net/lists/listinfo/mod-security-users |
From: Ryan B. <Ryan.Barnett@Breach.com> - 2007-03-27 11:12:12
|
While not a complete ruleset, I did cover an example of using Remo to create a ModSecurity positive policy to protect the OWA login page in the "Cool Rules" webcast that I gave earlier this month. =20 A link to the archived webcast on BSN is available here - http://www.modsecurity.org/projects/coolRules/index.html --=20 Ryan C. Barnett ModSecurity Community Manager Breach Security: Director of Application Security Training Web Application Security Consortium (WASC) Member Author: Preventing Web Attacks with Apache =20 -------------- Web Security Threat Report Webinar on May 9, 2007 (12 pm EST) Learn More About the Breach Webinar Series: http://www.breach.com/webinars.asp -------------- =20 > -----Original Message----- > From: mod...@li... [mailto:mod- > sec...@li...] On Behalf Of Christian > Bockermann > Sent: Tuesday, March 27, 2007 7:03 AM > To: Arthur Fonzarelli > Cc: Mod Security > Subject: Re: [mod-security-users] OWA ruleset? >=20 > Hi Arthur! >=20 > You probably think of a positive model of your web access > application. I do not > know about any profile for protection OWA. >=20 > Most likely you can get a start with the modsecurity core ruleset > which follows a > different approach by matching known attack-patterns and customize > that in order > to fit your application. >=20 > The core ruleset is not restricted to a specific application and > should provide > you with a basic protection against the most common attacks. When > trying this > you can make the rule-engine of modsecurity work in detection-only > mode to just > log malicious requests and monitor your application for a while. This > way you can > track down possible false-positives and customize the ruleset for > your application > without breaking its functionality. >=20 > If you want to create a positive model you might want to have a look > at the REMO > ruleset editor which aims at exactly this task. > REMO can be found at http://remo.netnea.com >=20 > Regards, > Chris >=20 > Am 27.03.2007 um 11:39 schrieb Arthur Fonzarelli: >=20 > > Hi there, > > > > I'm searching for a ModSecurity2 ruleset that protects my Outlook > > Web Access > > installation. Are there any available? > > > > Regards, > > > > Arthur > > > > > > ---------------------------------------------------------------------- > > --- > > Take Surveys. Earn Cash. Influence the Future of IT > > Join SourceForge.net's Techsay panel and you'll get the chance to > > share your > > opinions on IT & business topics through brief surveys-and earn cash > > http://www.techsay.com/default.php? > > page=3Djoin.php&p=3Dsourceforge&CID=3DDEVDEV > > _______________________________________________ > > mod-security-users mailing list > > mod...@li... > > https://lists.sourceforge.net/lists/listinfo/mod-security-users >=20 >=20 > ------------------------------------------------------------------------ - > Take Surveys. Earn Cash. Influence the Future of IT > Join SourceForge.net's Techsay panel and you'll get the chance to share > your > opinions on IT & business topics through brief surveys-and earn cash > http://www.techsay.com/default.php?page=3Djoin.php&p=3Dsourceforge&CID=3D= DEVDE V > _______________________________________________ > mod-security-users mailing list > mod...@li... > https://lists.sourceforge.net/lists/listinfo/mod-security-users |