Thread: [mod-security-users] Website issues (modsecurity.org)
Brought to you by:
victorhora,
zimmerletw
Menu
▾
▴
mod-security-users
|
From: Christopher S. <ch...@ch...> - 2019-07-30 21:54:53
Attachments:
signature.asc
|
Hi there, I went to look for something on the site and I found that the TLS certificate has expired yesterday. I tried to check the mailing list archives but literally all of the links to the archives are broken as well. Is anyone maintaining the web site? Thanks, -chris |
|
From: Felipe R. <fel...@gm...> - 2019-07-30 22:07:05
|
Trustwave, I think. On Tue, Jul 30, 2019 at 6:58 PM Christopher Schultz < ch...@ch...> wrote: > Hi there, > > I went to look for something on the site and I found that the TLS > certificate has expired yesterday. > > I tried to check the mailing list archives but literally all of the > links to the archives are broken as well. > > Is anyone maintaining the web site? > > Thanks, > -chris > > _______________________________________________ > mod-security-users mailing list > mod...@li... > https://lists.sourceforge.net/lists/listinfo/mod-security-users > Commercial ModSecurity Rules and Support from Trustwave's SpiderLabs: > http://www.modsecurity.org/projects/commercial/rules/ > http://www.modsecurity.org/projects/commercial/support/ > |
|
From: Felipe Z. <fe...@zi...> - 2019-07-30 22:42:42
|
Hi, Christopher Thank you for the report. Yes, Trustwave is the one in charge of the website. They are already aware that that certificate is expired. IT department is taking care of it. Br., Felipe. On Tue, Jul 30, 2019 at 7:07 PM Felipe Rocha <fel...@gm...> wrote: > Trustwave, I think. > > On Tue, Jul 30, 2019 at 6:58 PM Christopher Schultz < > ch...@ch...> wrote: > >> Hi there, >> >> I went to look for something on the site and I found that the TLS >> certificate has expired yesterday. >> >> I tried to check the mailing list archives but literally all of the >> links to the archives are broken as well. >> >> Is anyone maintaining the web site? >> >> Thanks, >> -chris >> >> _______________________________________________ >> mod-security-users mailing list >> mod...@li... >> https://lists.sourceforge.net/lists/listinfo/mod-security-users >> Commercial ModSecurity Rules and Support from Trustwave's SpiderLabs: >> http://www.modsecurity.org/projects/commercial/rules/ >> http://www.modsecurity.org/projects/commercial/support/ >> > _______________________________________________ > mod-security-users mailing list > mod...@li... > https://lists.sourceforge.net/lists/listinfo/mod-security-users > Commercial ModSecurity Rules and Support from Trustwave's SpiderLabs: > http://www.modsecurity.org/projects/commercial/rules/ > http://www.modsecurity.org/projects/commercial/support/ > -- Br., Felipe Zimmerle |
|
From: Christian F. <chr...@ne...> - 2019-07-31 04:21:25
|
Hey Felipe, While you are at it, would you mind redirecting http://modsecurity.org/crs/ to https://coreruleset.org? The page Trustwave is hosting is outdated and some of the information is too. We have a long standing "issue" concerning this https://github.com/SpiderLabs/owasp-modsecurity-crs/issues/996 and we'd like to be able to close it. Best, Christian, on behalf of the CRS team On Tue, Jul 30, 2019 at 07:41:53PM -0300, Felipe Zimmerle wrote: > Hi, Christopher > > Thank you for the report. > > Yes, Trustwave is the one in charge of the website. They are already aware > that that certificate is expired. IT department is taking care of it. > > Br., > Felipe. > > > > > On Tue, Jul 30, 2019 at 7:07 PM Felipe Rocha <fel...@gm...> wrote: > > > Trustwave, I think. > > > > On Tue, Jul 30, 2019 at 6:58 PM Christopher Schultz < > > ch...@ch...> wrote: > > > >> Hi there, > >> > >> I went to look for something on the site and I found that the TLS > >> certificate has expired yesterday. > >> > >> I tried to check the mailing list archives but literally all of the > >> links to the archives are broken as well. > >> > >> Is anyone maintaining the web site? > >> > >> Thanks, > >> -chris > >> > >> _______________________________________________ > >> mod-security-users mailing list > >> mod...@li... > >> https://lists.sourceforge.net/lists/listinfo/mod-security-users > >> Commercial ModSecurity Rules and Support from Trustwave's SpiderLabs: > >> http://www.modsecurity.org/projects/commercial/rules/ > >> http://www.modsecurity.org/projects/commercial/support/ > >> > > _______________________________________________ > > mod-security-users mailing list > > mod...@li... > > https://lists.sourceforge.net/lists/listinfo/mod-security-users > > Commercial ModSecurity Rules and Support from Trustwave's SpiderLabs: > > http://www.modsecurity.org/projects/commercial/rules/ > > http://www.modsecurity.org/projects/commercial/support/ > > > > > -- > Br., > Felipe Zimmerle > _______________________________________________ > mod-security-users mailing list > mod...@li... > https://lists.sourceforge.net/lists/listinfo/mod-security-users > Commercial ModSecurity Rules and Support from Trustwave's SpiderLabs: > http://www.modsecurity.org/projects/commercial/rules/ > http://www.modsecurity.org/projects/commercial/support/ |
|
From: Felipe Z. <fe...@zi...> - 2019-07-31 16:34:52
|
Hi Folini, Sorry if I was not clear, the ones who are working on it is the IT team on Trustwave. I don't have access to the CA to issue the certificate nor update the certificate. That is up to Trustwave's IT department. In regarding the content of the website. if I am not mistaken, you had a discussion with Ziv Mador (Responsible for ModSecurity project on Trustwave) about that matter and you guys came to an agreement on it, am I right? Br., Felipe. On Wed, Jul 31, 2019 at 1:21 AM Christian Folini < chr...@ne...> wrote: > Hey Felipe, > > While you are at it, would you mind redirecting > http://modsecurity.org/crs/ > to https://coreruleset.org? The page Trustwave is hosting is outdated and > some > of the information is too. > > We have a long standing "issue" concerning this > https://github.com/SpiderLabs/owasp-modsecurity-crs/issues/996 > and we'd like to be able to close it. > > Best, > > Christian, on behalf of the CRS team > > > On Tue, Jul 30, 2019 at 07:41:53PM -0300, Felipe Zimmerle wrote: > > Hi, Christopher > > > > Thank you for the report. > > > > Yes, Trustwave is the one in charge of the website. They are already > aware > > that that certificate is expired. IT department is taking care of it. > > > > Br., > > Felipe. > > > > > > > > > > On Tue, Jul 30, 2019 at 7:07 PM Felipe Rocha <fel...@gm...> > wrote: > > > > > Trustwave, I think. > > > > > > On Tue, Jul 30, 2019 at 6:58 PM Christopher Schultz < > > > ch...@ch...> wrote: > > > > > >> Hi there, > > >> > > >> I went to look for something on the site and I found that the TLS > > >> certificate has expired yesterday. > > >> > > >> I tried to check the mailing list archives but literally all of the > > >> links to the archives are broken as well. > > >> > > >> Is anyone maintaining the web site? > > >> > > >> Thanks, > > >> -chris > > >> > > >> _______________________________________________ > > >> mod-security-users mailing list > > >> mod...@li... > > >> https://lists.sourceforge.net/lists/listinfo/mod-security-users > > >> Commercial ModSecurity Rules and Support from Trustwave's SpiderLabs: > > >> http://www.modsecurity.org/projects/commercial/rules/ > > >> http://www.modsecurity.org/projects/commercial/support/ > > >> > > > _______________________________________________ > > > mod-security-users mailing list > > > mod...@li... > > > https://lists.sourceforge.net/lists/listinfo/mod-security-users > > > Commercial ModSecurity Rules and Support from Trustwave's SpiderLabs: > > > http://www.modsecurity.org/projects/commercial/rules/ > > > http://www.modsecurity.org/projects/commercial/support/ > > > > > > > > > -- > > Br., > > Felipe Zimmerle > > > > _______________________________________________ > > mod-security-users mailing list > > mod...@li... > > https://lists.sourceforge.net/lists/listinfo/mod-security-users > > Commercial ModSecurity Rules and Support from Trustwave's SpiderLabs: > > http://www.modsecurity.org/projects/commercial/rules/ > > http://www.modsecurity.org/projects/commercial/support/ > > > > _______________________________________________ > mod-security-users mailing list > mod...@li... > https://lists.sourceforge.net/lists/listinfo/mod-security-users > Commercial ModSecurity Rules and Support from Trustwave's SpiderLabs: > http://www.modsecurity.org/projects/commercial/rules/ > http://www.modsecurity.org/projects/commercial/support/ > -- Br., Felipe Zimmerle |
|
From: Christian F. <chr...@ne...> - 2019-07-31 19:56:49
|
Hello Felipe, On Wed, Jul 31, 2019 at 01:34:02PM -0300, Felipe Zimmerle wrote: > In regarding the content of the website. if I am not mistaken, you had a > discussion with Ziv Mador (Responsible for ModSecurity project on > Trustwave) about that matter and you guys came to an agreement on it, am I > right? It has been years since I last talked to Ziv. I remember us disagreeing on the question of the separate website for the OWASP ModSecurity Core Rule Set project. I do not remember an agreement though. Please enlighten me, if you do. On the other hand, I remember Joe Hopp promising us to take care of this problem last Summer. All in all we have probably written up to a dozen of messages to several people at Trustwave to - have modsecurity.org/crs redirect to coreruleset.org - have the link in the subtitle of https://github.com/SpiderLabs/owasp-modsecurity-crs point to coreruleset.org instead of modsecurity.org/crs but without luck so far and most of the time without getting a response. It feels like Trustwave wants to punish the OWASP ModSecurity Core Rule Set project for taking the decision to create its own website. I do not know if this is the case, but I do not really see any reason why Trustwave would insist to keep people in the dark about the latest information about our project. We are running a blog on coreruleset.org. However, the people landing on modsecurity.org/crs won't see that blog ever. To name but one shortcoming. Cheers, Christian on behalf of the OWASP ModSecurity Core Rule Set project -- I don't believe that we have come to the end of the democratic experiment. -- Bruce Schneier |
|
From: Felipe Z. <fe...@zi...> - 2019-08-01 01:41:05
|
Hi Folini, I am afraid I cannot help you on that matter because I was not part of those discussions, I was not in the summit nor CC'ed in any of those emails. I thought you guys had an agreement, my fault. My advice to you is to talk to the peers that you have already started a discussion. So We can better understand the progress/status of those items. Please put me in the loop, so I will be able to be more helpful. Br., Felipe. On Wed, Jul 31, 2019 at 4:56 PM Christian Folini < chr...@ne...> wrote: > Hello Felipe, > > On Wed, Jul 31, 2019 at 01:34:02PM -0300, Felipe Zimmerle wrote: > > In regarding the content of the website. if I am not mistaken, you had a > > discussion with Ziv Mador (Responsible for ModSecurity project on > > Trustwave) about that matter and you guys came to an agreement on it, am > I > > right? > > It has been years since I last talked to Ziv. I remember us disagreeing on > the question of the separate website for the OWASP ModSecurity Core Rule > Set > project. I do not remember an agreement though. Please enlighten me, if you > do. > > On the other hand, I remember Joe Hopp promising us to take care of this > problem last Summer. All in all we have probably written up to a dozen of > messages to several people at Trustwave to > > - have modsecurity.org/crs redirect to coreruleset.org > - have the link in the subtitle of > https://github.com/SpiderLabs/owasp-modsecurity-crs > point to coreruleset.org instead of modsecurity.org/crs > > but without luck so far and most of the time without getting a response. > > It feels like Trustwave wants to punish the OWASP ModSecurity > Core Rule Set project for taking the decision to create its own website. > I do not know if this is the case, but I do not really see any reason > why Trustwave would insist to keep people in the dark about the > latest information about our project. > > We are running a blog on coreruleset.org. However, the people landing on > modsecurity.org/crs won't see that blog ever. To name but one shortcoming. > > Cheers, > > Christian on behalf of the OWASP ModSecurity Core Rule Set project > > > -- > I don't believe that we have come to the end of the democratic experiment. > -- Bruce Schneier > > > _______________________________________________ > mod-security-users mailing list > mod...@li... > https://lists.sourceforge.net/lists/listinfo/mod-security-users > Commercial ModSecurity Rules and Support from Trustwave's SpiderLabs: > http://www.modsecurity.org/projects/commercial/rules/ > http://www.modsecurity.org/projects/commercial/support/ > -- Br., Felipe Zimmerle |
|
From: Christian F. <chr...@ne...> - 2019-08-06 21:40:29
|
Thank you for your advice Felipe. I'll act accordingly. Cheers, Christian On Wed, Jul 31, 2019 at 10:40:14PM -0300, Felipe Zimmerle wrote: > Hi Folini, > > I am afraid I cannot help you on that matter because I was not part of > those discussions, I was not in the summit nor CC'ed in any of those > emails. I thought you guys had an agreement, my fault. > > My advice to you is to talk to the peers that you have already started a > discussion. So We can better understand the progress/status of those items. > Please put me in the loop, so I will be able to be more helpful. > > Br., > Felipe. > > > > On Wed, Jul 31, 2019 at 4:56 PM Christian Folini < > chr...@ne...> wrote: > > > Hello Felipe, > > > > On Wed, Jul 31, 2019 at 01:34:02PM -0300, Felipe Zimmerle wrote: > > > In regarding the content of the website. if I am not mistaken, you had a > > > discussion with Ziv Mador (Responsible for ModSecurity project on > > > Trustwave) about that matter and you guys came to an agreement on it, am > > I > > > right? > > > > It has been years since I last talked to Ziv. I remember us disagreeing on > > the question of the separate website for the OWASP ModSecurity Core Rule > > Set > > project. I do not remember an agreement though. Please enlighten me, if you > > do. > > > > On the other hand, I remember Joe Hopp promising us to take care of this > > problem last Summer. All in all we have probably written up to a dozen of > > messages to several people at Trustwave to > > > > - have modsecurity.org/crs redirect to coreruleset.org > > - have the link in the subtitle of > > https://github.com/SpiderLabs/owasp-modsecurity-crs > > point to coreruleset.org instead of modsecurity.org/crs > > > > but without luck so far and most of the time without getting a response. > > > > It feels like Trustwave wants to punish the OWASP ModSecurity > > Core Rule Set project for taking the decision to create its own website. > > I do not know if this is the case, but I do not really see any reason > > why Trustwave would insist to keep people in the dark about the > > latest information about our project. > > > > We are running a blog on coreruleset.org. However, the people landing on > > modsecurity.org/crs won't see that blog ever. To name but one shortcoming. > > > > Cheers, > > > > Christian on behalf of the OWASP ModSecurity Core Rule Set project > > > > > > -- > > I don't believe that we have come to the end of the democratic experiment. > > -- Bruce Schneier > > > > > > _______________________________________________ > > mod-security-users mailing list > > mod...@li... > > https://lists.sourceforge.net/lists/listinfo/mod-security-users > > Commercial ModSecurity Rules and Support from Trustwave's SpiderLabs: > > http://www.modsecurity.org/projects/commercial/rules/ > > http://www.modsecurity.org/projects/commercial/support/ > > > > > -- > Br., > Felipe Zimmerle > _______________________________________________ > mod-security-users mailing list > mod...@li... > https://lists.sourceforge.net/lists/listinfo/mod-security-users > Commercial ModSecurity Rules and Support from Trustwave's SpiderLabs: > http://www.modsecurity.org/projects/commercial/rules/ > http://www.modsecurity.org/projects/commercial/support/ |
|
From: Felipe Z. <fe...@zi...> - 2019-08-07 00:46:21
|
My pleasure. Hope to see everything working soon. Br., Felipe On Tue, Aug 6, 2019 at 6:40 PM Christian Folini <chr...@ne...> wrote: > Thank you for your advice Felipe. I'll act accordingly. > > Cheers, > > Christian > > On Wed, Jul 31, 2019 at 10:40:14PM -0300, Felipe Zimmerle wrote: > > Hi Folini, > > > > I am afraid I cannot help you on that matter because I was not part of > > those discussions, I was not in the summit nor CC'ed in any of those > > emails. I thought you guys had an agreement, my fault. > > > > My advice to you is to talk to the peers that you have already started a > > discussion. So We can better understand the progress/status of those > items. > > Please put me in the loop, so I will be able to be more helpful. > > > > Br., > > Felipe. > > > > > > > > On Wed, Jul 31, 2019 at 4:56 PM Christian Folini < > > chr...@ne...> wrote: > > > > > Hello Felipe, > > > > > > On Wed, Jul 31, 2019 at 01:34:02PM -0300, Felipe Zimmerle wrote: > > > > In regarding the content of the website. if I am not mistaken, you > had a > > > > discussion with Ziv Mador (Responsible for ModSecurity project on > > > > Trustwave) about that matter and you guys came to an agreement on > it, am > > > I > > > > right? > > > > > > It has been years since I last talked to Ziv. I remember us > disagreeing on > > > the question of the separate website for the OWASP ModSecurity Core > Rule > > > Set > > > project. I do not remember an agreement though. Please enlighten me, > if you > > > do. > > > > > > On the other hand, I remember Joe Hopp promising us to take care of > this > > > problem last Summer. All in all we have probably written up to a dozen > of > > > messages to several people at Trustwave to > > > > > > - have modsecurity.org/crs redirect to coreruleset.org > > > - have the link in the subtitle of > > > https://github.com/SpiderLabs/owasp-modsecurity-crs > > > point to coreruleset.org instead of modsecurity.org/crs > > > > > > but without luck so far and most of the time without getting a > response. > > > > > > It feels like Trustwave wants to punish the OWASP ModSecurity > > > Core Rule Set project for taking the decision to create its own > website. > > > I do not know if this is the case, but I do not really see any reason > > > why Trustwave would insist to keep people in the dark about the > > > latest information about our project. > > > > > > We are running a blog on coreruleset.org. However, the people landing > on > > > modsecurity.org/crs won't see that blog ever. To name but one > shortcoming. > > > > > > Cheers, > > > > > > Christian on behalf of the OWASP ModSecurity Core Rule Set project > > > > > > > > > -- > > > I don't believe that we have come to the end of the democratic > experiment. > > > -- Bruce Schneier > > > > > > > > > _______________________________________________ > > > mod-security-users mailing list > > > mod...@li... > > > https://lists.sourceforge.net/lists/listinfo/mod-security-users > > > Commercial ModSecurity Rules and Support from Trustwave's SpiderLabs: > > > http://www.modsecurity.org/projects/commercial/rules/ > > > http://www.modsecurity.org/projects/commercial/support/ > > > > > > > > > -- > > Br., > > Felipe Zimmerle > > > > _______________________________________________ > > mod-security-users mailing list > > mod...@li... > > https://lists.sourceforge.net/lists/listinfo/mod-security-users > > Commercial ModSecurity Rules and Support from Trustwave's SpiderLabs: > > http://www.modsecurity.org/projects/commercial/rules/ > > http://www.modsecurity.org/projects/commercial/support/ > > > > _______________________________________________ > mod-security-users mailing list > mod...@li... > https://lists.sourceforge.net/lists/listinfo/mod-security-users > Commercial ModSecurity Rules and Support from Trustwave's SpiderLabs: > http://www.modsecurity.org/projects/commercial/rules/ > http://www.modsecurity.org/projects/commercial/support/ > -- Br., Felipe Zimmerle |
Thanks for helping keep SourceForge clean.
X