Thread: [mod-security-users] Help (migrate Mod_security with CRS)
Brought to you by:
victorhora,
zimmerletw
Menu
▾
▴
mod-security-users
|
From: Ted T. <tal...@ho...> - 2019-04-25 12:38:35
|
Hello I need to implement Mod_security with CRS in apache server of linux in aws from scratch, and then test it. Is there any detailed descriptions of steps of Mod_security installation and configurations (in apache) available, please ? Can we move a well configured Mod_security with CRS from a server in aws to another server in different cloud? Thanks a lot for your attention. Sincerely |
|
From: Eero V. <eer...@ik...> - 2019-04-25 12:41:41
|
How about reading documentation: https://www.modsecurity.org/CRS/Documentation/ Yes, you can copy installation to another server.. too. On Thu, Apr 25, 2019 at 3:39 PM Ted Talaiti <tal...@ho...> wrote: > Hello > > I need to implement Mod_security with CRS in apache server of linux in > aws from scratch, and then test it. > Is there any detailed descriptions of steps of Mod_security installation > and configurations (in apache) available, please ? > > Can we move a well configured Mod_security with CRS from a server in aws > to another server in different cloud? > > Thanks a lot for your attention. > Sincerely > > _______________________________________________ > mod-security-users mailing list > mod...@li... > https://lists.sourceforge.net/lists/listinfo/mod-security-users > Commercial ModSecurity Rules and Support from Trustwave's SpiderLabs: > http://www.modsecurity.org/projects/commercial/rules/ > http://www.modsecurity.org/projects/commercial/support/ > |
|
From: Christian F. <chr...@ne...> - 2019-04-25 12:56:37
|
Hi Ted, I suggest you take a peek at the detailed tutorials at https://netnea.com/apache-tutorials They are meant to cover your use case. Best, Christian On Thu, Apr 25, 2019 at 12:38:18PM +0000, Ted Talaiti wrote: > Hello > > I need to implement Mod_security with CRS in apache server of linux in aws from scratch, and then test it. > Is there any detailed descriptions of steps of Mod_security installation and configurations (in apache) available, please ? > > Can we move a well configured Mod_security with CRS from a server in aws to another server in different cloud? > > Thanks a lot for your attention. > Sincerely > > _______________________________________________ > mod-security-users mailing list > mod...@li... > https://lists.sourceforge.net/lists/listinfo/mod-security-users > Commercial ModSecurity Rules and Support from Trustwave's SpiderLabs: > http://www.modsecurity.org/projects/commercial/rules/ > http://www.modsecurity.org/projects/commercial/support/ |
|
From: Ted T. <tal...@ho...> - 2019-04-25 15:21:03
|
Hi thanks for your reply. But there is no information of exporting /importing modsecurity /CRS from server /linux to another. Please shed some light. Thanks a lot. ________________________________ From: Christian Folini <chr...@ne...> Sent: Thursday, April 25, 2019 12:56:25 PM To: mod...@li... Subject: Re: [mod-security-users] Help (migrate Mod_security with CRS) Hi Ted, I suggest you take a peek at the detailed tutorials at https://netnea.com/apache-tutorials They are meant to cover your use case. Best, Christian On Thu, Apr 25, 2019 at 12:38:18PM +0000, Ted Talaiti wrote: > Hello > > I need to implement Mod_security with CRS in apache server of linux in aws from scratch, and then test it. > Is there any detailed descriptions of steps of Mod_security installation and configurations (in apache) available, please ? > > Can we move a well configured Mod_security with CRS from a server in aws to another server in different cloud? > > Thanks a lot for your attention. > Sincerely > > _______________________________________________ > mod-security-users mailing list > mod...@li... > https://lists.sourceforge.net/lists/listinfo/mod-security-users > Commercial ModSecurity Rules and Support from Trustwave's SpiderLabs: > http://www.modsecurity.org/projects/commercial/rules/ > http://www.modsecurity.org/projects/commercial/support/ _______________________________________________ mod-security-users mailing list mod...@li... https://lists.sourceforge.net/lists/listinfo/mod-security-users Commercial ModSecurity Rules and Support from Trustwave's SpiderLabs: http://www.modsecurity.org/projects/commercial/rules/ http://www.modsecurity.org/projects/commercial/support/ |
|
From: Eero V. <eer...@ik...> - 2019-04-25 15:24:32
|
Just copy rules and config files. Some linux knowledge is required.. Eero On Thu, Apr 25, 2019, 18:21 Ted Talaiti <tal...@ho...> wrote: > Hi thanks for your reply. > But there is no information of exporting /importing modsecurity /CRS from > server /linux to another. > Please shed some light. > Thanks a lot. > ------------------------------ > *From:* Christian Folini <chr...@ne...> > *Sent:* Thursday, April 25, 2019 12:56:25 PM > *To:* mod...@li... > *Subject:* Re: [mod-security-users] Help (migrate Mod_security with CRS) > > Hi Ted, > > I suggest you take a peek at the detailed tutorials at > https://netnea.com/apache-tutorials > > They are meant to cover your use case. > > Best, > > Christian > > > On Thu, Apr 25, 2019 at 12:38:18PM +0000, Ted Talaiti wrote: > > Hello > > > > I need to implement Mod_security with CRS in apache server of linux in > aws from scratch, and then test it. > > Is there any detailed descriptions of steps of Mod_security installation > and configurations (in apache) available, please ? > > > > Can we move a well configured Mod_security with CRS from a server in aws > to another server in different cloud? > > > > Thanks a lot for your attention. > > Sincerely > > > > > > _______________________________________________ > > mod-security-users mailing list > > mod...@li... > > https://lists.sourceforge.net/lists/listinfo/mod-security-users > > Commercial ModSecurity Rules and Support from Trustwave's SpiderLabs: > > http://www.modsecurity.org/projects/commercial/rules/ > > http://www.modsecurity.org/projects/commercial/support/ > > > > _______________________________________________ > mod-security-users mailing list > mod...@li... > https://lists.sourceforge.net/lists/listinfo/mod-security-users > Commercial ModSecurity Rules and Support from Trustwave's SpiderLabs: > http://www.modsecurity.org/projects/commercial/rules/ > http://www.modsecurity.org/projects/commercial/support/ > _______________________________________________ > mod-security-users mailing list > mod...@li... > https://lists.sourceforge.net/lists/listinfo/mod-security-users > Commercial ModSecurity Rules and Support from Trustwave's SpiderLabs: > http://www.modsecurity.org/projects/commercial/rules/ > http://www.modsecurity.org/projects/commercial/support/ > |
|
From: Ted T. <tal...@ho...> - 2019-05-03 08:45:11
|
Hello In following tutorial, you wrote "access to a specific URI on the server is blocked. We want to respond to such a request with HTTP status 403." when you try out with blockade, $> curl http://localhost/phpmyadmin It didn't block (since no such HTTP status 403), rather the access is allowed to the URI. https://www.netnea.com/cms/apache-tutorial-6_embedding-modsecurity<https://www.netnea.com/cms/apache-tutorial-6_embedding-modsecurity/> Embedding ModSecurity – Welcome to netnea<https://www.netnea.com/cms/apache-tutorial-6_embedding-modsecurity/> What are we doing? We are compiling the ModSecurity module, embedding it in the Apache web server, creating a base configuration and dealing with false positives for the first time.. Why are we doing this? www.netnea.com Please correct me if I am wrong. Regards ________________________________ From: Ted Talaiti <tal...@ho...> Sent: Thursday, April 25, 2019 3:20 PM To: mod...@li... Subject: Re: [mod-security-users] Help (migrate Mod_security with CRS) Hi thanks for your reply. But there is no information of exporting /importing modsecurity /CRS from server /linux to another. Please shed some light. Thanks a lot. ________________________________ From: Christian Folini <chr...@ne...> Sent: Thursday, April 25, 2019 12:56:25 PM To: mod...@li... Subject: Re: [mod-security-users] Help (migrate Mod_security with CRS) Hi Ted, I suggest you take a peek at the detailed tutorials at https://netnea.com/apache-tutorials They are meant to cover your use case. Best, Christian On Thu, Apr 25, 2019 at 12:38:18PM +0000, Ted Talaiti wrote: > Hello > > I need to implement Mod_security with CRS in apache server of linux in aws from scratch, and then test it. > Is there any detailed descriptions of steps of Mod_security installation and configurations (in apache) available, please ? > > Can we move a well configured Mod_security with CRS from a server in aws to another server in different cloud? > > Thanks a lot for your attention. > Sincerely > > _______________________________________________ > mod-security-users mailing list > mod...@li... > https://lists.sourceforge.net/lists/listinfo/mod-security-users > Commercial ModSecurity Rules and Support from Trustwave's SpiderLabs: > http://www.modsecurity.org/projects/commercial/rules/ > http://www.modsecurity.org/projects/commercial/support/ _______________________________________________ mod-security-users mailing list mod...@li... https://lists.sourceforge.net/lists/listinfo/mod-security-users Commercial ModSecurity Rules and Support from Trustwave's SpiderLabs: http://www.modsecurity.org/projects/commercial/rules/ http://www.modsecurity.org/projects/commercial/support/ |
|
From: Christian F. <chr...@ne...> - 2019-05-03 08:53:02
|
Hi Ted, You may want to share your configuration with us so we can understand, why it is not blocking. You did add the rule to block this, did not you? Cheers, Christian On Fri, May 03, 2019 at 08:44:56AM +0000, Ted Talaiti wrote: > Hello > > In following tutorial, you wrote "access to a specific URI on the server is blocked. We want to respond to such a request with HTTP status 403." > when you try out with blockade, > > $> curl http://localhost/phpmyadmin > > It didn't block (since no such HTTP status 403), rather the access is allowed to the URI. > > https://www.netnea.com/cms/apache-tutorial-6_embedding-modsecurity<https://www.netnea.com/cms/apache-tutorial-6_embedding-modsecurity/> > > Embedding ModSecurity – Welcome to netnea<https://www.netnea.com/cms/apache-tutorial-6_embedding-modsecurity/> > What are we doing? We are compiling the ModSecurity module, embedding it in the Apache web server, creating a base configuration and dealing with false positives for the first time.. Why are we doing this? > www.netnea.com > > Please correct me if I am wrong. > Regards > > > > ________________________________ > From: Ted Talaiti <tal...@ho...> > Sent: Thursday, April 25, 2019 3:20 PM > To: mod...@li... > Subject: Re: [mod-security-users] Help (migrate Mod_security with CRS) > > Hi thanks for your reply. > But there is no information of exporting /importing modsecurity /CRS from server /linux to another. > Please shed some light. > Thanks a lot. > ________________________________ > From: Christian Folini <chr...@ne...> > Sent: Thursday, April 25, 2019 12:56:25 PM > To: mod...@li... > Subject: Re: [mod-security-users] Help (migrate Mod_security with CRS) > > Hi Ted, > > I suggest you take a peek at the detailed tutorials at > https://netnea.com/apache-tutorials > > They are meant to cover your use case. > > Best, > > Christian > > > On Thu, Apr 25, 2019 at 12:38:18PM +0000, Ted Talaiti wrote: > > Hello > > > > I need to implement Mod_security with CRS in apache server of linux in aws from scratch, and then test it. > > Is there any detailed descriptions of steps of Mod_security installation and configurations (in apache) available, please ? > > > > Can we move a well configured Mod_security with CRS from a server in aws to another server in different cloud? > > > > Thanks a lot for your attention. > > Sincerely > > > > > > _______________________________________________ > > mod-security-users mailing list > > mod...@li... > > https://lists.sourceforge.net/lists/listinfo/mod-security-users > > Commercial ModSecurity Rules and Support from Trustwave's SpiderLabs: > > http://www.modsecurity.org/projects/commercial/rules/ > > http://www.modsecurity.org/projects/commercial/support/ > > > > _______________________________________________ > mod-security-users mailing list > mod...@li... > https://lists.sourceforge.net/lists/listinfo/mod-security-users > Commercial ModSecurity Rules and Support from Trustwave's SpiderLabs: > http://www.modsecurity.org/projects/commercial/rules/ > http://www.modsecurity.org/projects/commercial/support/ > _______________________________________________ > mod-security-users mailing list > mod...@li... > https://lists.sourceforge.net/lists/listinfo/mod-security-users > Commercial ModSecurity Rules and Support from Trustwave's SpiderLabs: > http://www.modsecurity.org/projects/commercial/rules/ > http://www.modsecurity.org/projects/commercial/support/ |
|
From: Ted T. <tal...@ho...> - 2019-05-03 09:54:03
|
Hi Christian No sir, my question is based on only your tutorial. The point is that having html response does not mean it is blocked, rather it means opposite. Since in <title> you can write anything, which (403 Forbidden) is different from what you wrote as "We want to respond to such a request with HTTP status 403." <title>403 Forbidden</title> In short, we see no blocking (HTTP status 403) in <Step 7: Trying out the blockade>. https://www.netnea.com/cms/apache-tutorial-6_embedding-modsecurity/ Embedding ModSecurity – Welcome to netnea<https://www.netnea.com/cms/apache-tutorial-6_embedding-modsecurity/> What are we doing? We are compiling the ModSecurity module, embedding it in the Apache web server, creating a base configuration and dealing with false positives for the first time.. Why are we doing this? www.netnea.com Embedding ModSecurity – Welcome to netnea<https://www.netnea.com/cms/apache-tutorial-6_embedding-modsecurity/> What are we doing? We are compiling the ModSecurity module, embedding it in the Apache web server, creating a base configuration and dealing with false positives for the first time.. Why are we doing this? www.netnea.com ________________________________ From: Christian Folini <chr...@ne...> Sent: Friday, May 3, 2019 8:52 AM To: mod...@li... Subject: Re: [mod-security-users] Help (Mistake with Mod_security blocking list) Hi Ted, You may want to share your configuration with us so we can understand, why it is not blocking. You did add the rule to block this, did not you? Cheers, Christian On Fri, May 03, 2019 at 08:44:56AM +0000, Ted Talaiti wrote: > Hello > > In following tutorial, you wrote "access to a specific URI on the server is blocked. We want to respond to such a request with HTTP status 403." > when you try out with blockade, > > $> curl http://localhost/phpmyadmin > > It didn't block (since no such HTTP status 403), rather the access is allowed to the URI. > > https://www.netnea.com/cms/apache-tutorial-6_embedding-modsecurity<https://www.netnea.com/cms/apache-tutorial-6_embedding-modsecurity/> > > Embedding ModSecurity – Welcome to netnea<https://www.netnea.com/cms/apache-tutorial-6_embedding-modsecurity/> > What are we doing? We are compiling the ModSecurity module, embedding it in the Apache web server, creating a base configuration and dealing with false positives for the first time.. Why are we doing this? > www.netnea.com<http://www.netnea.com> > > Please correct me if I am wrong. > Regards > > > > ________________________________ > From: Ted Talaiti <tal...@ho...> > Sent: Thursday, April 25, 2019 3:20 PM > To: mod...@li... > Subject: Re: [mod-security-users] Help (migrate Mod_security with CRS) > > Hi thanks for your reply. > But there is no information of exporting /importing modsecurity /CRS from server /linux to another. > Please shed some light. > Thanks a lot. > ________________________________ > From: Christian Folini <chr...@ne...> > Sent: Thursday, April 25, 2019 12:56:25 PM > To: mod...@li... > Subject: Re: [mod-security-users] Help (migrate Mod_security with CRS) > > Hi Ted, > > I suggest you take a peek at the detailed tutorials at > https://netnea.com/apache-tutorials > > They are meant to cover your use case. > > Best, > > Christian > > > On Thu, Apr 25, 2019 at 12:38:18PM +0000, Ted Talaiti wrote: > > Hello > > > > I need to implement Mod_security with CRS in apache server of linux in aws from scratch, and then test it. > > Is there any detailed descriptions of steps of Mod_security installation and configurations (in apache) available, please ? > > > > Can we move a well configured Mod_security with CRS from a server in aws to another server in different cloud? > > > > Thanks a lot for your attention. > > Sincerely > > > > > > _______________________________________________ > > mod-security-users mailing list > > mod...@li... > > https://lists.sourceforge.net/lists/listinfo/mod-security-users > > Commercial ModSecurity Rules and Support from Trustwave's SpiderLabs: > > http://www.modsecurity.org/projects/commercial/rules/ > > http://www.modsecurity.org/projects/commercial/support/ > > > > _______________________________________________ > mod-security-users mailing list > mod...@li... > https://lists.sourceforge.net/lists/listinfo/mod-security-users > Commercial ModSecurity Rules and Support from Trustwave's SpiderLabs: > http://www.modsecurity.org/projects/commercial/rules/ > http://www.modsecurity.org/projects/commercial/support/ > _______________________________________________ > mod-security-users mailing list > mod...@li... > https://lists.sourceforge.net/lists/listinfo/mod-security-users > Commercial ModSecurity Rules and Support from Trustwave's SpiderLabs: > http://www.modsecurity.org/projects/commercial/rules/ > http://www.modsecurity.org/projects/commercial/support/ _______________________________________________ mod-security-users mailing list mod...@li... https://lists.sourceforge.net/lists/listinfo/mod-security-users Commercial ModSecurity Rules and Support from Trustwave's SpiderLabs: http://www.modsecurity.org/projects/commercial/rules/ http://www.modsecurity.org/projects/commercial/support/ |
|
From: Christian F. <chr...@ne...> - 2019-05-03 10:26:29
|
Hello Ted, No, I think blocking a request with a http status code of 403 and a html response body describing / explaining the status code is in line with the meaning of blocking. You you have in mind is probably more like dropping the request, which is supported by ModSecurity, but not covered in my tutorials. Best, Christian On Fri, May 03, 2019 at 09:53:49AM +0000, Ted Talaiti wrote: > Hi Christian > > No sir, my question is based on only your tutorial. > The point is that having html response does not mean it is blocked, rather it means opposite. > Since in <title> you can write anything, which (403 Forbidden) is different from what you wrote as "We want to respond to such a request with HTTP status 403." > > > <title>403 Forbidden</title> > > In short, we see no blocking (HTTP status 403) in <Step 7: Trying out the blockade>. > https://www.netnea.com/cms/apache-tutorial-6_embedding-modsecurity/ > Embedding ModSecurity – Welcome to netnea<https://www.netnea.com/cms/apache-tutorial-6_embedding-modsecurity/> > What are we doing? We are compiling the ModSecurity module, embedding it in the Apache web server, creating a base configuration and dealing with false positives for the first time.. Why are we doing this? > www.netnea.com > > > > Embedding ModSecurity – Welcome to netnea<https://www.netnea.com/cms/apache-tutorial-6_embedding-modsecurity/> > What are we doing? We are compiling the ModSecurity module, embedding it in the Apache web server, creating a base configuration and dealing with false positives for the first time.. Why are we doing this? > www.netnea.com > > > > > > ________________________________ > From: Christian Folini <chr...@ne...> > Sent: Friday, May 3, 2019 8:52 AM > To: mod...@li... > Subject: Re: [mod-security-users] Help (Mistake with Mod_security blocking list) > > Hi Ted, > > You may want to share your configuration with us so we can understand, why it > is not blocking. > > You did add the rule to block this, did not you? > > Cheers, > > Christian > > On Fri, May 03, 2019 at 08:44:56AM +0000, Ted Talaiti wrote: > > Hello > > > > In following tutorial, you wrote "access to a specific URI on the server is blocked. We want to respond to such a request with HTTP status 403." > > when you try out with blockade, > > > > $> curl http://localhost/phpmyadmin > > > > It didn't block (since no such HTTP status 403), rather the access is allowed to the URI. > > > > https://www.netnea.com/cms/apache-tutorial-6_embedding-modsecurity<https://www.netnea.com/cms/apache-tutorial-6_embedding-modsecurity/> > > > > Embedding ModSecurity – Welcome to netnea<https://www.netnea.com/cms/apache-tutorial-6_embedding-modsecurity/> > > What are we doing? We are compiling the ModSecurity module, embedding it in the Apache web server, creating a base configuration and dealing with false positives for the first time.. Why are we doing this? > > www.netnea.com<http://www.netnea.com> > > > > Please correct me if I am wrong. > > Regards > > > > > > > > ________________________________ > > From: Ted Talaiti <tal...@ho...> > > Sent: Thursday, April 25, 2019 3:20 PM > > To: mod...@li... > > Subject: Re: [mod-security-users] Help (migrate Mod_security with CRS) > > > > Hi thanks for your reply. > > But there is no information of exporting /importing modsecurity /CRS from server /linux to another. > > Please shed some light. > > Thanks a lot. > > ________________________________ > > From: Christian Folini <chr...@ne...> > > Sent: Thursday, April 25, 2019 12:56:25 PM > > To: mod...@li... > > Subject: Re: [mod-security-users] Help (migrate Mod_security with CRS) > > > > Hi Ted, > > > > I suggest you take a peek at the detailed tutorials at > > https://netnea.com/apache-tutorials > > > > They are meant to cover your use case. > > > > Best, > > > > Christian > > > > > > On Thu, Apr 25, 2019 at 12:38:18PM +0000, Ted Talaiti wrote: > > > Hello > > > > > > I need to implement Mod_security with CRS in apache server of linux in aws from scratch, and then test it. > > > Is there any detailed descriptions of steps of Mod_security installation and configurations (in apache) available, please ? > > > > > > Can we move a well configured Mod_security with CRS from a server in aws to another server in different cloud? > > > > > > Thanks a lot for your attention. > > > Sincerely > > > > > > > > > > _______________________________________________ > > > mod-security-users mailing list > > > mod...@li... > > > https://lists.sourceforge.net/lists/listinfo/mod-security-users > > > Commercial ModSecurity Rules and Support from Trustwave's SpiderLabs: > > > http://www.modsecurity.org/projects/commercial/rules/ > > > http://www.modsecurity.org/projects/commercial/support/ > > > > > > > > _______________________________________________ > > mod-security-users mailing list > > mod...@li... > > https://lists.sourceforge.net/lists/listinfo/mod-security-users > > Commercial ModSecurity Rules and Support from Trustwave's SpiderLabs: > > http://www.modsecurity.org/projects/commercial/rules/ > > http://www.modsecurity.org/projects/commercial/support/ > > > > _______________________________________________ > > mod-security-users mailing list > > mod...@li... > > https://lists.sourceforge.net/lists/listinfo/mod-security-users > > Commercial ModSecurity Rules and Support from Trustwave's SpiderLabs: > > http://www.modsecurity.org/projects/commercial/rules/ > > http://www.modsecurity.org/projects/commercial/support/ > > > > _______________________________________________ > mod-security-users mailing list > mod...@li... > https://lists.sourceforge.net/lists/listinfo/mod-security-users > Commercial ModSecurity Rules and Support from Trustwave's SpiderLabs: > http://www.modsecurity.org/projects/commercial/rules/ > http://www.modsecurity.org/projects/commercial/support/ > _______________________________________________ > mod-security-users mailing list > mod...@li... > https://lists.sourceforge.net/lists/listinfo/mod-security-users > Commercial ModSecurity Rules and Support from Trustwave's SpiderLabs: > http://www.modsecurity.org/projects/commercial/rules/ > http://www.modsecurity.org/projects/commercial/support/ |
|
From: Ted T. <tal...@ho...> - 2019-05-07 16:42:03
|
Dear
Modsecurity does not record any log information (only showing logs from last year).
1) Is it because of "nolog" as below?
[root@server modsecurity.d]# cat modsecurity.conf
[image.png]
[image.png]
2) by the way, following two config files contain information as follows.
[root@server modsecurity.d]#cat httpd.conf
IncludeOptional conf.d/*.conf
[root@server modsecurity.d]#cat /etc/httpd/conf.d/mod_security.conf
<IfModule security2_module>
Include modsecurity.d/modsecurity.conf
Include modsecurity.d/owasp-modsecurity-crs/crs-setup.conf
Include modsecurity.d/owasp-modsecurity-crs/rules/*.conf
</IfModule>
3) This server just has old audit information from last year.
[image.png]
*************************************
Environment
CentOS 7.5.1804 (Core)
ModSecurity for Apache/2.9.2 (http://www.modsecurity.org/); OWASP_CRS/3.0.2.<http://3.0.0.2/>
Apache/2.4.29 (CentOS)
************************************
Please Help.
Sincerely
|
|
From: Ted T. <tal...@ho...> - 2019-05-24 14:20:55
Attachments:
Outlook-k5sihm3k.png
|
Dear friends HOW/WHY Uncomment this rule can change the default? Because it says by default it supports 4type of HTTP anyway. On the other hand, if do not uncomment the rule, then it does not the support the 4type of HTTP? [cid:cd9346a7-98d9-4d0d-9b06-d953163653f7] I am confused of what happens if I uncomment the rule or leave it as commented? Sincerely |
|
From: Chaim S. <cha...@gm...> - 2019-05-25 01:01:52
Attachments:
Outlook-k5sihm3k.png
|
Hey Ted, if you leave that commented, the default applies. The confusing portion may be that the example enables the same effect as the default. However, you can extend or restrict the details farther by uncomment and modifying that rule. Let us know if you have any other questions. Thanks, - Chaim On Fri, May 24, 2019, 10:23 AM Ted Talaiti <tal...@ho...> wrote: > Dear friends > > HOW/WHY Uncomment this rule can change the default? > Because it says by default it supports 4type of HTTP anyway. > > On the other hand, if do not uncomment the rule, then it does not the > support the 4type of HTTP? > > > > I am confused of what happens if I uncomment the rule or leave it as > commented? > > Sincerely > > _______________________________________________ > mod-security-users mailing list > mod...@li... > https://lists.sourceforge.net/lists/listinfo/mod-security-users > Commercial ModSecurity Rules and Support from Trustwave's SpiderLabs: > http://www.modsecurity.org/projects/commercial/rules/ > http://www.modsecurity.org/projects/commercial/support/ > |
|
From: Ted T. <tal...@ho...> - 2019-05-26 20:03:26
|
Hey Chaim 1) What if I just uncomment them and change nothing? Will the redundancy cause problem? Which one works during the exacuations? 2) Increasing paranoia add extra rule. But in following example it only effects to "id:900000" but not others. Are the two statements contrary? Could you please tell the exact place where I can set paranoi level that effects to all CRS or part of it? SecAction \ "id:900000,\ phase:1,\ nolog,\ pass,\ t:none,\ setvar:tx.paranoia_level=1" Sincerely Thanks in advance. ________________________________ From: Chaim Sanders <cha...@gm...> Sent: Saturday, May 25, 2019 1:01 AM To: mod...@li... Subject: Re: [mod-security-users] ambiguous statements in CRS-SetUP.conf Hey Ted, if you leave that commented, the default applies. The confusing portion may be that the example enables the same effect as the default. However, you can extend or restrict the details farther by uncomment and modifying that rule. Let us know if you have any other questions. Thanks, - Chaim On Fri, May 24, 2019, 10:23 AM Ted Talaiti <tal...@ho...<mailto:tal...@ho...>> wrote: Dear friends HOW/WHY Uncomment this rule can change the default? Because it says by default it supports 4type of HTTP anyway. On the other hand, if do not uncomment the rule, then it does not the support the 4type of HTTP? [cid:cd9346a7-98d9-4d0d-9b06-d953163653f7] I am confused of what happens if I uncomment the rule or leave it as commented? Sincerely _______________________________________________ mod-security-users mailing list mod...@li...<mailto:mod...@li...> https://lists.sourceforge.net/lists/listinfo/mod-security-users Commercial ModSecurity Rules and Support from Trustwave's SpiderLabs: http://www.modsecurity.org/projects/commercial/rules/ http://www.modsecurity.org/projects/commercial/support/ |
|
From: Chaim S. <cha...@gm...> - 2019-05-27 17:16:16
|
Hey Ted, great questions! We set the variables to their default values in https://github.com/SpiderLabs/owasp-modsecurity-crs/blob/v3.2/dev/rules/REQUEST-901-INITIALIZATION.conf. As this is in the rules folder it should be included only after crs-setup. To ensure that the default values do not override the user defined versions, all the variables set in 901 check to see if the variable has already been set, only setting these if they were not previously set in crs-setup. As a result, there should be no issue with replication of these variables. Per your second question, here this rule is setting a variable. Later in the rules we'll enable different sets of rules based on this value. As a result, you only need to override the default (level 1) paranoia level in the crs-setup by uncommenting and changing the paranoia level to the desired setting. Happy hunting! - Chaim On Sun, May 26, 2019, 4:06 PM Ted Talaiti <tal...@ho...> wrote: > Hey Chaim > > 1) What if I just uncomment them and change nothing? > Will the redundancy cause problem? Which one works during the exacuations? > > 2) Increasing paranoia add extra rule. But in following example it only > effects to "id:900000" but not others. > Are the two statements contrary? > Could you please tell the exact place where I can set paranoi level that > effects to all CRS or part of it? > SecAction \ > "id:900000,\ > phase:1,\ > nolog,\ > pass,\ > t:none,\ > setvar:tx.paranoia_level=1" > > Sincerely > Thanks in advance. > > > ------------------------------ > *From:* Chaim Sanders <cha...@gm...> > *Sent:* Saturday, May 25, 2019 1:01 AM > *To:* mod...@li... > *Subject:* Re: [mod-security-users] ambiguous statements in CRS-SetUP.conf > > Hey Ted, if you leave that commented, the default applies. The confusing > portion may be that the example enables the same effect as the default. > However, you can extend or restrict the details farther by uncomment and > modifying that rule. Let us know if you have any other questions. > Thanks, > - Chaim > > On Fri, May 24, 2019, 10:23 AM Ted Talaiti <tal...@ho...> wrote: > > Dear friends > > HOW/WHY Uncomment this rule can change the default? > Because it says by default it supports 4type of HTTP anyway. > > On the other hand, if do not uncomment the rule, then it does not the > support the 4type of HTTP? > > > > I am confused of what happens if I uncomment the rule or leave it as > commented? > > Sincerely > > _______________________________________________ > mod-security-users mailing list > mod...@li... > https://lists.sourceforge.net/lists/listinfo/mod-security-users > Commercial ModSecurity Rules and Support from Trustwave's SpiderLabs: > http://www.modsecurity.org/projects/commercial/rules/ > http://www.modsecurity.org/projects/commercial/support/ > > _______________________________________________ > mod-security-users mailing list > mod...@li... > https://lists.sourceforge.net/lists/listinfo/mod-security-users > Commercial ModSecurity Rules and Support from Trustwave's SpiderLabs: > http://www.modsecurity.org/projects/commercial/rules/ > http://www.modsecurity.org/projects/commercial/support/ > |
Thanks for helping keep SourceForge clean.
X