Thread: [mod-security-users] Question about ARGS Variable
Brought to you by:
victorhora,
zimmerletw
Menu
▾
▴
mod-security-users
|
From: Jai H. <jai...@mu...> - 2019-01-02 18:25:21
|
User-documentation states: "ARGS is a collection and can be used on its own (means all arguments including the POST Payload)..." Based on my testing, it does not appear that ARGS is including the POST payload. I am sending a POST request with the body shown below. I expect it to trigger Rule 930120, but it does not. Request Body: <?xml version='1.0' encoding='UTF-8'?> <soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"> <soapenv:Body> <ns1:echo xmlns:ns1="http://example1.org/example1"> <Text>hello .bashrc</Text> </ns1:echo> </soapenv:Body> </soapenv:Envelope> |
|
From: Reindl H. <h.r...@th...> - 2019-01-02 18:28:47
|
Am 02.01.19 um 18:55 schrieb Jai Harpalani via mod-security-users: > User-documentation states: > > "ARGS is a collection and can be used on its own (means all arguments > including the POST Payload)..." > > Based on my testing, it does not appear that ARGS is including the POST > payload. I am sending a POST request with the body shown below. I expect > it to trigger Rule 930120, but it does not. args and body are different worlds by definition > Request Body: > > <?xml version='1.0' encoding='UTF-8'?> > <soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"> > <soapenv:Body> > <ns1:echo xmlns:ns1="http://example1.org/example1"> > <Text>hello .bashrc</Text> > </ns1:echo> > </soapenv:Body> > </soapenv:Envelope> |
|
From: Robert P. <rpa...@fe...> - 2019-01-02 18:47:34
|
Hey Jai, I believe ARGS is only filled with the request body with the request is a urlencoded. Because ARGS and friends are treated as tabular variables, ModSecurity won't attempt to parse an XML body and at it into the ARGS or ARGS_POST variables, because there's no sane way to interpolate the document into key-value paired data. On Wed, Jan 2, 2019 at 10:21 AM Jai Harpalani via mod-security-developers < mod...@li...> wrote: > User-documentation states: > > "ARGS is a collection and can be used on its own (means all arguments > including the POST Payload)..." > > Based on my testing, it does not appear that ARGS is including the POST > payload. I am sending a POST request with the body shown below. I expect it > to trigger Rule 930120, but it does not. > > Request Body: > > <?xml version='1.0' encoding='UTF-8'?> > <soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/ > "> > <soapenv:Body> > <ns1:echo xmlns:ns1="http://example1.org/example1"> > <Text>hello .bashrc</Text> > </ns1:echo> > </soapenv:Body> > </soapenv:Envelope> > > _______________________________________________ > mod-security-developers mailing list > mod...@li... > https://lists.sourceforge.net/lists/listinfo/mod-security-developers > ModSecurity Services from Trustwave's SpiderLabs: > https://www.trustwave.com/spiderLabs.php |
|
From: Jai H. <jai...@mu...> - 2019-01-02 18:54:10
|
Isn't the "POST Payload" equivalent to the body? If not, what exactly is the "POST Payload"? On Wed, Jan 2, 2019 at 12:29 PM Reindl Harald <h.r...@th...> wrote: > > > Am 02.01.19 um 18:55 schrieb Jai Harpalani via mod-security-users: > > User-documentation states: > > > > "ARGS is a collection and can be used on its own (means all arguments > > including the POST Payload)..." > > > > Based on my testing, it does not appear that ARGS is including the POST > > payload. I am sending a POST request with the body shown below. I expect > > it to trigger Rule 930120, but it does not. > > args and body are different worlds by definition > > > > Request Body: > > > > <?xml version='1.0' encoding='UTF-8'?> > > <soapenv:Envelope xmlns:soapenv=" > http://schemas.xmlsoap.org/soap/envelope/"> > > <soapenv:Body> > > <ns1:echo xmlns:ns1="http://example1.org/example1"> > > <Text>hello .bashrc</Text> > > </ns1:echo> > > </soapenv:Body> > > </soapenv:Envelope> > > > > _______________________________________________ > mod-security-users mailing list > mod...@li... > https://lists.sourceforge.net/lists/listinfo/mod-security-users > Commercial ModSecurity Rules and Support from Trustwave's SpiderLabs: > http://www.modsecurity.org/projects/commercial/rules/ > http://www.modsecurity.org/projects/commercial/support/ > |
|
From: Reindl H. <h.r...@th...> - 2019-01-02 18:58:15
|
Am 02.01.19 um 19:54 schrieb Jai Harpalani via mod-security-users: > Isn't the "POST Payload" equivalent to the body? If not, what exactly is > the "POST Payload"? hell how can any random XML stuff be a ARGUMENT and how do you imagine this to handeled performance wise? is it a post-param like <input type="text" anme"=arg" value"=whatever"> no, it is not > On Wed, Jan 2, 2019 at 12:29 PM Reindl Harald <h.r...@th... > <mailto:h.r...@th...>> wrote: > > > > Am 02.01.19 um 18:55 schrieb Jai Harpalani via mod-security-users: > > User-documentation states: > > > > "ARGS is a collection and can be used on its own (means all arguments > > including the POST Payload)..." > > > > Based on my testing, it does not appear that ARGS is including the > POST > > payload. I am sending a POST request with the body shown below. I > expect > > it to trigger Rule 930120, but it does not. > > args and body are different worlds by definition > > > > Request Body: > > > > <?xml version='1.0' encoding='UTF-8'?> > > <soapenv:Envelope > xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"> > > <soapenv:Body> > > <ns1:echo xmlns:ns1="http://example1.org/example1"> > > <Text>hello .bashrc</Text> > > </ns1:echo> > > </soapenv:Body> > > </soapenv:Envelope> |
|
From: Jai H. <jai...@mu...> - 2019-01-02 19:14:51
|
Okay, here's a different question. This may not be the appropriate place to
ask, but I'll give it a shot.
There are many OWASP CRS rules which have XML in the list of operators, but
not REQUEST_BODY. An example of one is below.
SecRule
REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAMES|ARGS|XML:/*
"@pmf lfi-os-files.data" \
"phase:request,\
msg:'OS File Access Attempt',\
rev:'4',\
ver:'OWASP_CRS/3.0.0',\
maturity:'9',\
accuracy:'9',\
capture,\
t:none,t:utf8toUnicode,t:urlDecodeUni,t:normalizePathWin,t:lowercase,\
block,\
id:930120,\
. . .
This rule is searching for patterns specified in lfi-os-files.data. It is
not using Xpath expressions. The XML operator will be empty for non-xml
requests or when the xml parser is disabled. In these cases, wouldn't we
still want to search the request body for patterns specified in
lfi-os-files.data? Is there a reason that the patterns are only searched
for in the request body for XML requests?
On Wed, Jan 2, 2019 at 12:58 PM Reindl Harald <h.r...@th...>
wrote:
>
>
> Am 02.01.19 um 19:54 schrieb Jai Harpalani via mod-security-users:
> > Isn't the "POST Payload" equivalent to the body? If not, what exactly is
> > the "POST Payload"?
>
> hell how can any random XML stuff be a ARGUMENT and how do you imagine
> this to handeled performance wise?
>
> is it a post-param like <input type="text" anme"=arg" value"=whatever">
> no, it is not
>
> > On Wed, Jan 2, 2019 at 12:29 PM Reindl Harald <h.r...@th...
> > <mailto:h.r...@th...>> wrote:
> >
> >
> >
> > Am 02.01.19 um 18:55 schrieb Jai Harpalani via mod-security-users:
> > > User-documentation states:
> > >
> > > "ARGS is a collection and can be used on its own (means all
> arguments
> > > including the POST Payload)..."
> > >
> > > Based on my testing, it does not appear that ARGS is including the
> > POST
> > > payload. I am sending a POST request with the body shown below. I
> > expect
> > > it to trigger Rule 930120, but it does not.
> >
> > args and body are different worlds by definition
> >
> >
> > > Request Body:
> > >
> > > <?xml version='1.0' encoding='UTF-8'?>
> > > <soapenv:Envelope
> > xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
> > > <soapenv:Body>
> > > <ns1:echo xmlns:ns1="http://example1.org/example1">
> > > <Text>hello .bashrc</Text>
> > > </ns1:echo>
> > > </soapenv:Body>
> > > </soapenv:Envelope>
>
>
> _______________________________________________
> mod-security-users mailing list
> mod...@li...
> https://lists.sourceforge.net/lists/listinfo/mod-security-users
> Commercial ModSecurity Rules and Support from Trustwave's SpiderLabs:
> http://www.modsecurity.org/projects/commercial/rules/
> http://www.modsecurity.org/projects/commercial/support/
>
|
|
From: Manuel S. <spa...@gm...> - 2019-01-02 21:42:02
|
The content of the request body is parsed f there is a body processor enabled, which only happens by default in two cases ( https://github.com/SpiderLabs/ModSecurity/wiki/Reference-Manual-%28v2.x%29#ctl ) ``` The requestBodyProcessor option allows you to configure the request body processor. By default, ModSecurity will use the URLENCODED and MULTIPART processors to process an application/x-www-form-urlencoded and a multipart/form-data body, respectively. Other two processors are also supported: JSON and XML, but they are never used implicitly. Instead, *you must* tell ModSecurity to use it by placing a few rules in the REQUEST_HEADERS processing phase. ``` This means that if your content is XML you must have a rule in phase 1 that forces the engine to parse it, same applies to JSON and any other content-type https://github.com/SpiderLabs/ModSecurity/wiki/Reference-Manual-%28v2.x%29#REQBODY_PROCESSOR This also means that if the content-type is something else than ` application/x-www-form-urlencoded` it will not populate the ARGS collection! That is the default in most cases. Now XML use its own collection while json will populate the same collection as urlencoded. You may also want to read https://github.com/SpiderLabs/ModSecurity/wiki/Reference-Manual-%28v2.x%29#SecRequestBodyAccess Happy new year! El mié., 2 ene. 2019 a las 13:50, Robert Paprocki (< rpa...@fe...>) escribió: > Hey Jai, > > I believe ARGS is only filled with the request body with the request is a > urlencoded. Because ARGS and friends are treated as tabular variables, > ModSecurity won't attempt to parse an XML body and at it into the ARGS or > ARGS_POST variables, because there's no sane way to interpolate the > document into key-value paired data. > > On Wed, Jan 2, 2019 at 10:21 AM Jai Harpalani via mod-security-developers < > mod...@li...> wrote: > >> User-documentation states: >> >> "ARGS is a collection and can be used on its own (means all arguments >> including the POST Payload)..." >> >> Based on my testing, it does not appear that ARGS is including the POST >> payload. I am sending a POST request with the body shown below. I expect it >> to trigger Rule 930120, but it does not. >> >> Request Body: >> >> <?xml version='1.0' encoding='UTF-8'?> >> <soapenv:Envelope xmlns:soapenv=" >> http://schemas.xmlsoap.org/soap/envelope/"> >> <soapenv:Body> >> <ns1:echo xmlns:ns1="http://example1.org/example1"> >> <Text>hello .bashrc</Text> >> </ns1:echo> >> </soapenv:Body> >> </soapenv:Envelope> >> >> _______________________________________________ >> mod-security-developers mailing list >> mod...@li... >> https://lists.sourceforge.net/lists/listinfo/mod-security-developers >> ModSecurity Services from Trustwave's SpiderLabs: >> https://www.trustwave.com/spiderLabs.php > > _______________________________________________ > mod-security-users mailing list > mod...@li... > https://lists.sourceforge.net/lists/listinfo/mod-security-users > Commercial ModSecurity Rules and Support from Trustwave's SpiderLabs: > http://www.modsecurity.org/projects/commercial/rules/ > http://www.modsecurity.org/projects/commercial/support/ > |
|
From: Davy G. <da...@ya...> - 2019-01-16 07:51:38
|
Hello,
Regarding Mod Security, I wonder if it is possible to write custom rule in mod security special for SQLIA attacked?
For example: custom rule special for SQLIA Piggy backed tailed or custom rule special for SQLIA tautologies.
Is that possible?
Thanks in advance,Davy
On Thursday, January 3, 2019, 4:43:36 AM GMT+7, Manuel Spartan <spa...@gm...> wrote:
The content of the request body is parsed f there is a body processor enabled, which only happens by default in two cases (https://github.com/SpiderLabs/ModSecurity/wiki/Reference-Manual-%28v2.x%29#ctl) ```The requestBodyProcessor option allows you to configure the request body processor. By default, ModSecurity will use the URLENCODED and MULTIPART processors to process an application/x-www-form-urlencoded and a multipart/form-data body, respectively. Other two processors are also supported: JSON and XML, but they are never used implicitly. Instead, you must tell ModSecurity to use it by placing a few rules in the REQUEST_HEADERS processing phase.```This means that if your content is XML you must have a rule in phase 1 that forces the engine to parse it, same applies to JSON and any other content-type https://github.com/SpiderLabs/ModSecurity/wiki/Reference-Manual-%28v2.x%29#REQBODY_PROCESSOR
This also means that if the content-type is something else than `application/x-www-form-urlencoded` it will not populate the ARGS collection! That is the default in most cases.
Now XML use its own collection while json will populate the same collection as urlencoded.You may also want to read https://github.com/SpiderLabs/ModSecurity/wiki/Reference-Manual-%28v2.x%29#SecRequestBodyAccess
Happy new year!
El mié., 2 ene. 2019 a las 13:50, Robert Paprocki (<rpa...@fe...>) escribió:
Hey Jai,
I believe ARGS is only filled with the request body with the request is a urlencoded. Because ARGS and friends are treated as tabular variables, ModSecurity won't attempt to parse an XML body and at it into the ARGS or ARGS_POST variables, because there's no sane way to interpolate the document into key-value paired data.
On Wed, Jan 2, 2019 at 10:21 AM Jai Harpalani via mod-security-developers <mod...@li...> wrote:
User-documentation states:
"ARGS is a collection and can be used on its own (means all arguments including the POST Payload)..."
Based on my testing, it does not appear that ARGS is including the POST payload. I am sending a POST request with the body shown below. I expect it to trigger Rule 930120, but it does not.
Request Body:
<?xml version='1.0' encoding='UTF-8'?><soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"> <soapenv:Body> <ns1:echo xmlns:ns1="http://example1.org/example1"> <Text>hello .bashrc</Text> </ns1:echo> </soapenv:Body></soapenv:Envelope>
_______________________________________________
mod-security-developers mailing list
mod...@li...
https://lists.sourceforge.net/lists/listinfo/mod-security-developers
ModSecurity Services from Trustwave's SpiderLabs:
https://www.trustwave.com/spiderLabs.php
_______________________________________________
mod-security-users mailing list
mod...@li...
https://lists.sourceforge.net/lists/listinfo/mod-security-users
Commercial ModSecurity Rules and Support from Trustwave's SpiderLabs:
http://www.modsecurity.org/projects/commercial/rules/
http://www.modsecurity.org/projects/commercial/support/
_______________________________________________
mod-security-users mailing list
mod...@li...
https://lists.sourceforge.net/lists/listinfo/mod-security-users
Commercial ModSecurity Rules and Support from Trustwave's SpiderLabs:
http://www.modsecurity.org/projects/commercial/rules/
http://www.modsecurity.org/projects/commercial/support/
|
|
From: Manuel S. <spa...@gm...> - 2019-01-16 12:33:46
|
Hi Davy, Have you reviewed the owasp modsecurity core rule set project? https://github.com/SpiderLabs/owasp-modsecurity-crs Cheers! Sent from my iPhone > On 16 Jan 2019, at 02:51, Davy Gunarso via mod-security-users <mod...@li...> wrote: > > > Hello, > > Regarding Mod Security, I wonder if it is possible to write custom rule in mod security special for SQLIA attacked? > > For example: custom rule special for SQLIA Piggy backed tailed or custom rule special for SQLIA tautologies. > > Is that possible? > > Thanks in advance, > Davy > > On Thursday, January 3, 2019, 4:43:36 AM GMT+7, Manuel Spartan <spa...@gm...> wrote: > > > The content of the request body is parsed f there is a body processor enabled, which only happens by default in two cases (https://github.com/SpiderLabs/ModSecurity/wiki/Reference-Manual-%28v2.x%29#ctl) > ``` > The requestBodyProcessor option allows you to configure the request body processor. By default, ModSecurity will use the URLENCODED and MULTIPART processors to process an application/x-www-form-urlencoded and a multipart/form-data body, respectively. Other two processors are also supported: JSON and XML, but they are never used implicitly. Instead, you must tell ModSecurity to use it by placing a few rules in the REQUEST_HEADERS processing phase. > ``` > This means that if your content is XML you must have a rule in phase 1 that forces the engine to parse it, same applies to JSON and any other content-type https://github.com/SpiderLabs/ModSecurity/wiki/Reference-Manual-%28v2.x%29#REQBODY_PROCESSOR > > This also means that if the content-type is something else than `application/x-www-form-urlencoded` it will not populate the ARGS collection! That is the default in most cases. > > Now XML use its own collection while json will populate the same collection as urlencoded. > You may also want to read https://github.com/SpiderLabs/ModSecurity/wiki/Reference-Manual-%28v2.x%29#SecRequestBodyAccess > > Happy new year! > > El mié., 2 ene. 2019 a las 13:50, Robert Paprocki (<rpa...@fe...>) escribió: > Hey Jai, > > I believe ARGS is only filled with the request body with the request is a urlencoded. Because ARGS and friends are treated as tabular variables, ModSecurity won't attempt to parse an XML body and at it into the ARGS or ARGS_POST variables, because there's no sane way to interpolate the document into key-value paired data. > > On Wed, Jan 2, 2019 at 10:21 AM Jai Harpalani via mod-security-developers <mod...@li...> wrote: > User-documentation states: > > "ARGS is a collection and can be used on its own (means all arguments including the POST Payload)..." > > Based on my testing, it does not appear that ARGS is including the POST payload. I am sending a POST request with the body shown below. I expect it to trigger Rule 930120, but it does not. > > Request Body: > > <?xml version='1.0' encoding='UTF-8'?> > <soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"> > <soapenv:Body> > <ns1:echo xmlns:ns1="http://example1.org/example1"> > <Text>hello .bashrc</Text> > </ns1:echo> > </soapenv:Body> > </soapenv:Envelope> > > _______________________________________________ > mod-security-developers mailing list > mod...@li... > https://lists.sourceforge.net/lists/listinfo/mod-security-developers > ModSecurity Services from Trustwave's SpiderLabs: > https://www.trustwave.com/spiderLabs.php > _______________________________________________ > mod-security-users mailing list > mod...@li... > https://lists.sourceforge.net/lists/listinfo/mod-security-users > Commercial ModSecurity Rules and Support from Trustwave's SpiderLabs: > http://www.modsecurity.org/projects/commercial/rules/ > http://www.modsecurity.org/projects/commercial/support/ > _______________________________________________ > mod-security-users mailing list > mod...@li... > https://lists.sourceforge.net/lists/listinfo/mod-security-users > Commercial ModSecurity Rules and Support from Trustwave's SpiderLabs: > http://www.modsecurity.org/projects/commercial/rules/ > http://www.modsecurity.org/projects/commercial/support/ > _______________________________________________ > mod-security-users mailing list > mod...@li... > https://lists.sourceforge.net/lists/listinfo/mod-security-users > Commercial ModSecurity Rules and Support from Trustwave's SpiderLabs: > http://www.modsecurity.org/projects/commercial/rules/ > http://www.modsecurity.org/projects/commercial/support/ |
|
From: Davy G. <da...@ya...> - 2019-01-16 14:41:17
|
Yes, I have but it is not for specific sqlia type it is a general or perhaps for all type. Since this is for my thesis I wonder if there is a specific sqlia type? Davy Dikirim dari Yahoo Mail di Android Pada Rab, 16 Jan 2019 pada 19:36, Manuel Spartan<spa...@gm...> menulis: _______________________________________________ mod-security-users mailing list mod...@li... https://lists.sourceforge.net/lists/listinfo/mod-security-users Commercial ModSecurity Rules and Support from Trustwave's SpiderLabs: http://www.modsecurity.org/projects/commercial/rules/ http://www.modsecurity.org/projects/commercial/support/ |
|
From: Robert P. <rpa...@fe...> - 2019-01-16 15:50:14
|
You may want to have a look at client9’s libinjection library. Sent from my iPhone > On Jan 16, 2019, at 06:41, Davy Gunarso via mod-security-users <mod...@li...> wrote: > > Yes, I have but it is not for specific sqlia type it is a general or perhaps for all type. Since this is for my thesis I wonder if there is a specific sqlia type? > > Davy > > Dikirim dari Yahoo Mail di Android > > Pada Rab, 16 Jan 2019 pada 19:36, Manuel Spartan > <spa...@gm...> menulis: > _______________________________________________ > mod-security-users mailing list > mod...@li... > https://lists.sourceforge.net/lists/listinfo/mod-security-users > Commercial ModSecurity Rules and Support from Trustwave's SpiderLabs: > http://www.modsecurity.org/projects/commercial/rules/ > http://www.modsecurity.org/projects/commercial/support/ > <Untitled> > <Untitled> > _______________________________________________ > mod-security-users mailing list > mod...@li... > https://lists.sourceforge.net/lists/listinfo/mod-security-users > Commercial ModSecurity Rules and Support from Trustwave's SpiderLabs: > http://www.modsecurity.org/projects/commercial/rules/ > http://www.modsecurity.org/projects/commercial/support/ |
|
From: Davy G. <da...@ya...> - 2019-01-18 14:59:08
|
Hello, I already understand about the ModSecurity CRS. I am trying to understand Ivan Ristic presentation - https://docs.huihoo.com/modsecurity/Web_Intruction_Detection_with_ModSecurity.pdf I wonder when I should write this: SecFilter "DELETE[[:space:]]+FROM" Thanks in advance. Davy Dikirim dari Yahoo Mail di Android Pada Rab, 16 Jan 2019 pada 19:36, Manuel Spartan<spa...@gm...> menulis: _______________________________________________ mod-security-users mailing list mod...@li... https://lists.sourceforge.net/lists/listinfo/mod-security-users Commercial ModSecurity Rules and Support from Trustwave's SpiderLabs: http://www.modsecurity.org/projects/commercial/rules/ http://www.modsecurity.org/projects/commercial/support/ |
|
From: Christian F. <chr...@ne...> - 2019-01-20 05:54:10
|
Davy, This is a very old recipe dating back to ModSecurity 1.0. You will have to transpose it to ModSec 2.0 / 3.0 syntax with the SecRule directive and all the mandatory actions that come with it. Best, Christian On Fri, Jan 18, 2019 at 02:58:55PM +0000, Davy Gunarso via mod-security-users wrote: > Hello, > I already understand about the ModSecurity CRS. I am trying to understand Ivan Ristic presentation - https://docs.huihoo.com/modsecurity/Web_Intruction_Detection_with_ModSecurity.pdf > I wonder when I should write this: > SecFilter "DELETE[[:space:]]+FROM" > Thanks in advance. > Davy > > > Dikirim dari Yahoo Mail di Android > > Pada Rab, 16 Jan 2019 pada 19:36, Manuel Spartan<spa...@gm...> menulis: _______________________________________________ > mod-security-users mailing list > mod...@li... > https://lists.sourceforge.net/lists/listinfo/mod-security-users > Commercial ModSecurity Rules and Support from Trustwave's SpiderLabs: > http://www.modsecurity.org/projects/commercial/rules/ > http://www.modsecurity.org/projects/commercial/support/ > > > _______________________________________________ > mod-security-users mailing list > mod...@li... > https://lists.sourceforge.net/lists/listinfo/mod-security-users > Commercial ModSecurity Rules and Support from Trustwave's SpiderLabs: > http://www.modsecurity.org/projects/commercial/rules/ > http://www.modsecurity.org/projects/commercial/support/ |
|
From: Davy G. <da...@ya...> - 2019-01-30 11:40:41
|
Hello, I would like to know if it is possible to subscribe mod security full service and will I be able to get full service? Like ask any question I wish about custom rule? Anyone ever do this? Davy Dikirim dari Yahoo Mail di Android Pada Rab, 16 Jan 2019 pada 21:41, Davy Gunarso<da...@ya...> menulis: Yes, I have but it is not for specific sqlia type it is a general or perhaps for all type. Since this is for my thesis I wonder if there is a specific sqlia type? Davy Dikirim dari Yahoo Mail di Android Pada Rab, 16 Jan 2019 pada 19:36, Manuel Spartan<spa...@gm...> menulis: _______________________________________________ mod-security-users mailing list mod...@li... https://lists.sourceforge.net/lists/listinfo/mod-security-users Commercial ModSecurity Rules and Support from Trustwave's SpiderLabs: http://www.modsecurity.org/projects/commercial/rules/ http://www.modsecurity.org/projects/commercial/support/ |
|
From: Christian F. <chr...@ne...> - 2019-01-30 12:15:31
|
Hey Davy, Please send me a message off-list. Cheers, Christian On Wed, Jan 30, 2019 at 11:40:32AM +0000, Davy Gunarso via mod-security-users wrote: > Hello, > I would like to know if it is possible to subscribe mod security full service and will I be able to get full service? Like ask any question I wish about custom rule? Anyone ever do this? > Davy > > Dikirim dari Yahoo Mail di Android > > Pada Rab, 16 Jan 2019 pada 21:41, Davy Gunarso<da...@ya...> menulis: Yes, I have but it is not for specific sqlia type it is a general or perhaps for all type. Since this is for my thesis I wonder if there is a specific sqlia type? > Davy > > Dikirim dari Yahoo Mail di Android > > Pada Rab, 16 Jan 2019 pada 19:36, Manuel Spartan<spa...@gm...> menulis: _______________________________________________ > mod-security-users mailing list > mod...@li... > https://lists.sourceforge.net/lists/listinfo/mod-security-users > Commercial ModSecurity Rules and Support from Trustwave's SpiderLabs: > http://www.modsecurity.org/projects/commercial/rules/ > http://www.modsecurity.org/projects/commercial/support/ > > > _______________________________________________ > mod-security-users mailing list > mod...@li... > https://lists.sourceforge.net/lists/listinfo/mod-security-users > Commercial ModSecurity Rules and Support from Trustwave's SpiderLabs: > http://www.modsecurity.org/projects/commercial/rules/ > http://www.modsecurity.org/projects/commercial/support/ |
|
From: Marcello L. <ce...@gm...> - 2019-01-30 12:38:06
|
Il giorno Mer 30 Gen 2019, 13:18 Christian Folini < chr...@ne...> ha scritto: > Hey Davy, > > Please send me a message off-list. > > Cheers, > > Christian > > On Wed, Jan 30, 2019 at 11:40:32AM +0000, Davy Gunarso via > mod-security-users wrote: > > Hello, > > I would like to know if it is possible to subscribe mod security full > service and will I be able to get full service? Like ask any question I > wish about custom rule? Anyone ever do this? > > Davy > > > > Dikirim dari Yahoo Mail di Android > > > > Pada Rab, 16 Jan 2019 pada 21:41, Davy Gunarso<da...@ya...> > menulis: Yes, I have but it is not for specific sqlia type it is a > general or perhaps for all type. Since this is for my thesis I wonder if > there is a specific sqlia type? > > Davy > > > > Dikirim dari Yahoo Mail di Android > > > > Pada Rab, 16 Jan 2019 pada 19:36, Manuel Spartan<spa...@gm...> > menulis: _______________________________________________ > > mod-security-users mailing list > > mod...@li... > > https://lists.sourceforge.net/lists/listinfo/mod-security-users > > Commercial ModSecurity Rules and Support from Trustwave's SpiderLabs: > > http://www.modsecurity.org/projects/commercial/rules/ > > http://www.modsecurity.org/projects/commercial/support/ > > > > > > > > _______________________________________________ > > mod-security-users mailing list > > mod...@li... > > https://lists.sourceforge.net/lists/listinfo/mod-security-users > > Commercial ModSecurity Rules and Support from Trustwave's SpiderLabs: > > http://www.modsecurity.org/projects/commercial/rules/ > > http://www.modsecurity.org/projects/commercial/support/ > > > > _______________________________________________ > mod-security-users mailing list > mod...@li... > https://lists.sourceforge.net/lists/listinfo/mod-security-users > Commercial ModSecurity Rules and Support from Trustwave's SpiderLabs: > http://www.modsecurity.org/projects/commercial/rules/ > http://www.modsecurity.org/projects/commercial/support/ > |
|
From: Davy G. <da...@ya...> - 2019-01-31 13:52:57
|
Anyone knows about mlogc in mod security and how to access it? Dikirim dari Yahoo Mail di Android Pada Rab, 30 Jan 2019 pada 19:39, Marcello Lorenzi<ce...@gm...> menulis: _______________________________________________ mod-security-users mailing list mod...@li... https://lists.sourceforge.net/lists/listinfo/mod-security-users Commercial ModSecurity Rules and Support from Trustwave's SpiderLabs: http://www.modsecurity.org/projects/commercial/rules/ http://www.modsecurity.org/projects/commercial/support/ |
|
From: Chaim S. <ch...@ch...> - 2019-01-31 14:04:38
|
I recommend you take a look at Ivan and Christian Folini's book ( https://www.feistyduck.com/books/modsecurity-handbook/) It will answer a lot of questions you have. Also for Mlogic here is a blog I wrote about a basic setup a bit ago: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/sending-modsecurity-logs-to-mysql/ On Thu, Jan 31, 2019 at 8:56 AM Davy Gunarso via mod-security-users < mod...@li...> wrote: > Anyone knows about mlogc in mod security and how to access it? > > Dikirim dari Yahoo Mail di Android > <https://go.onelink.me/107872968?pid=InProduct&c=Global_Internal_YGrowth_AndroidEmailSig__AndroidUsers&af_wl=ym&af_sub1=Internal&af_sub2=Global_YGrowth&af_sub3=EmailSignature> > > Pada Rab, 30 Jan 2019 pada 19:39, Marcello Lorenzi > <ce...@gm...> menulis: > _______________________________________________ > mod-security-users mailing list > mod...@li... > https://lists.sourceforge.net/lists/listinfo/mod-security-users > Commercial ModSecurity Rules and Support from Trustwave's SpiderLabs: > http://www.modsecurity.org/projects/commercial/rules/ > http://www.modsecurity.org/projects/commercial/support/ > > _______________________________________________ > mod-security-users mailing list > mod...@li... > https://lists.sourceforge.net/lists/listinfo/mod-security-users > Commercial ModSecurity Rules and Support from Trustwave's SpiderLabs: > http://www.modsecurity.org/projects/commercial/rules/ > http://www.modsecurity.org/projects/commercial/support/ > -- -- Chaim Sanders http://www.ChaimSanders.com |
Thanks for helping keep SourceForge clean.
X