|
From: Filip B. <fi...@ce...> - 2021-10-31 12:35:02
|
Hello, I'm discovering mod_security with core rule set as very usefull, but I'm going in to trouble with editing HTML via admin part of my CMS including file uploads other parts works well. Is there any recomendations for minimal rule exlusions for allowing this, but with as many as possible rules enabled. In editing html in forms I get many detections in this as XSS attacks or so on. Thanks, Filip Bartmann |
|
From: Reindl H. <h.r...@th...> - 2021-10-31 12:40:17
|
Am 31.10.21 um 13:34 schrieb Filip Bartmann: > I'm discovering mod_security with core rule set as very usefull, but I'm going in to trouble with editing HTML via admin part of my CMS including file uploads other parts works well. > > Is there any recomendations for minimal rule exlusions for allowing this, but with as many as possible rules enabled. In editing html in forms I get many detections in this as XSS attacks or so on. you started that topic already afew weeks ago there is nothing like post HTML and enable as much as possible rules at the same time - you will have a fulltimejob adding more and more rules to exceptions and a minimal WYSIWG change can hit another rule tomorrow forget it, been there, done that many years ago - it's not worth <IfModule mod_security2.c> <LocationMatch "(.*)\/editor\/plugins\/preview\.php$"> SecRequestBodyAccess Off </LocationMatch> </IfModule> |
|
From: Quinn C. <qu...@st...> - 2021-10-31 23:04:04
|
On 31 Oct 2021 13:39:57, Reindl Harald wrote:
> <LocationMatch "(.*)\/editor\/plugins\/preview\.php$">
I like this solution too.
Also, if your editors are connecting from a fixed location or use a VPN, you can turn off SecRequestBodyAccess for a specific IP address either by using:
<If "-R '111.222.333.444'">
SecRequestBodyAccess Off
</If>
or:
SecRule REMOTE_ADDR "^111.222.333.444" "phase:1,nolog,allow,ctl:responseBodyAccess=Off,id:1001"
Regards,
Quinn
|
|
From: Filip B. <fi...@ce...> - 2021-10-31 13:01:30
|
Hello thanks, so I do this, I thought, that core rule set can be enabled even if i want to POST HTML content. With best regards, Filip Bartmann ______________________________________________________________ > Od: "Reindl Harald" <h.r...@th...> > Komu: mod...@li... > Datum: 31.10.2021 13:41 > Předmět: Re: [mod-security-users] Recommended rule exclusions for WYSIWYG editor editing > Am 31.10.21 um 13:34 schrieb Filip Bartmann: > I'm discovering mod_security with core rule set as very usefull, but I'm going in to trouble with editing HTML via admin part of my CMS including file uploads other parts works well. > > Is there any recomendations for minimal rule exlusions for allowing this, but with as many as possible rules enabled. In editing html in forms I get many detections in this as XSS attacks or so on. you started that topic already afew weeks ago there is nothing like post HTML and enable as much as possible rules at the same time - you will have a fulltimejob adding more and more rules to exceptions and a minimal WYSIWG change can hit another rule tomorrow forget it, been there, done that many years ago - it's not worth <IfModule mod_security2.c> <LocationMatch "(.*)\/editor\/plugins\/preview\.php$"> SecRequestBodyAccess Off </LocationMatch> </IfModule> _______________________________________________ mod-security-users mailing list mod...@li... https://lists.sourceforge.net/lists/listinfo/mod-security-users <https://lists.sourceforge.net/lists/listinfo/mod-security-users> Commercial ModSecurity Rules and Support from Trustwave's SpiderLabs: http://www.modsecurity.org/projects/commercial/rules/ <http://www.modsecurity.org/projects/commercial/rules/> http://www.modsecurity.org/projects/commercial/support/ <http://www.modsecurity.org/projects/commercial/support/> |
|
From: Christian F. <chr...@ne...> - 2021-10-31 14:11:00
|
Hey Filip, I do not want to disturb Harald's dark outlook with an overly optimistic perspective, but CRS has come a long way since the old days and free form textareas generally work. However, if you insist on posting HTML content, then it's best to enable CRS, but disable all XSS rules by tag on this very field. Other than that check out the rule exclusion packages, maybe they can help. (part of CRS). Cheers, Christian On Sun, Oct 31, 2021 at 01:57:16PM +0100, Filip Bartmann wrote: > Hello thanks, > so I do this, I thought, that core rule set can be enabled even if i want to POST HTML content. > > With best regards, > Filip Bartmann > > ______________________________________________________________ > > Od: "Reindl Harald" <h.r...@th...> > > Komu: mod...@li... > > Datum: 31.10.2021 13:41 > > Předmět: Re: [mod-security-users] Recommended rule exclusions for WYSIWYG editor editing > > > > > Am 31.10.21 um 13:34 schrieb Filip Bartmann: > > I'm discovering mod_security with core rule set as very usefull, but I'm going in to trouble with editing HTML via admin part of my CMS including file uploads other parts works well. > > > Is there any recomendations for minimal rule exlusions for allowing > this, but with as many as possible rules enabled. In editing html in forms I > get many detections in this as XSS attacks or so on. > > you started that topic already afew weeks ago > > there is nothing like post HTML and enable as much as possible rules at the > same time - you will have a fulltimejob adding more and more rules to > exceptions and a minimal WYSIWG change can hit another rule tomorrow > > forget it, been there, done that many years ago - it's not worth > > <IfModule mod_security2.c> > <LocationMatch "(.*)\/editor\/plugins\/preview\.php$"> > SecRequestBodyAccess Off > </LocationMatch> > </IfModule> > > > _______________________________________________ > mod-security-users mailing list > mod...@li... > https://lists.sourceforge.net/lists/listinfo/mod-security-users <https://lists.sourceforge.net/lists/listinfo/mod-security-users> > Commercial ModSecurity Rules and Support from Trustwave's SpiderLabs: > http://www.modsecurity.org/projects/commercial/rules/ <http://www.modsecurity.org/projects/commercial/rules/> > http://www.modsecurity.org/projects/commercial/support/ <http://www.modsecurity.org/projects/commercial/support/> > > _______________________________________________ > mod-security-users mailing list > mod...@li... > https://lists.sourceforge.net/lists/listinfo/mod-security-users > Commercial ModSecurity Rules and Support from Trustwave's SpiderLabs: > http://www.modsecurity.org/projects/commercial/rules/ > http://www.modsecurity.org/projects/commercial/support/ |
|
From: Reindl H. <h.r...@th...> - 2021-10-31 14:41:48
|
Am 31.10.21 um 13:57 schrieb Filip Bartmann: > Hello thanks, > > so I do this, I thought, that core rule set can be enabled even if i > want to POST HTML content. it's not completly disabled SecRequestBodyAccess versus SecRuleEngine! phase:1 and all the header stuff is still active SecRequestBodyAccess: Configures whether request bodies will be buffered and processed by ModSecurity by default. > ______________________________________________________________ > > Od: "Reindl Harald" <h.r...@th...> > > Komu: mod...@li... > > Datum: 31.10.2021 13:41 > > Předmět: Re: [mod-security-users] Recommended rule exclusions for > WYSIWYG editor editing > > > > Am 31.10.21 um 13:34 schrieb Filip Bartmann: > > I'm discovering mod_security with core rule set as very usefull, but > I'm going in to trouble with editing HTML via admin part of my CMS > including file uploads other parts works well. > > > > Is there any recomendations for minimal rule exlusions for allowing > this, but with as many as possible rules enabled. In editing html in > forms I get many detections in this as XSS attacks or so on. > > you started that topic already afew weeks ago > > there is nothing like post HTML and enable as much as possible rules at > the same time - you will have a fulltimejob adding more and more rules > to exceptions and a minimal WYSIWG change can hit another rule tomorrow > > forget it, been there, done that many years ago - it's not worth > > <IfModule mod_security2.c> > <LocationMatch "(.*)\/editor\/plugins\/preview\.php$"> > SecRequestBodyAccess Off > </LocationMatch> > </IfModule> |
|
From: Christian F. <chr...@ne...> - 2021-10-31 20:57:00
|
Hey Harald, On Sun, Oct 31, 2021 at 03:35:35PM +0100, Reindl Harald wrote: > it's not completly disabled > SecRequestBodyAccess versus SecRuleEngine! > > phase:1 and all the header stuff is still active > > SecRequestBodyAccess: > Configures whether request bodies will be buffered and processed by > ModSecurity by default. That's decent enough. Watch our for next CRS release where more rules will happen in phase 1. Cheers, Christian > > > ______________________________________________________________ > > > Od: "Reindl Harald" <h.r...@th...> > > > Komu: mod...@li... > > > Datum: 31.10.2021 13:41 > > > Předmět: Re: [mod-security-users] Recommended rule exclusions for > > WYSIWYG editor editing > > > > > > > Am 31.10.21 um 13:34 schrieb Filip Bartmann: > > > I'm discovering mod_security with core rule set as very usefull, but > > I'm going in to trouble with editing HTML via admin part of my CMS > > including file uploads other parts works well. > > > > > > Is there any recomendations for minimal rule exlusions for allowing > > this, but with as many as possible rules enabled. In editing html in > > forms I get many detections in this as XSS attacks or so on. > > > > you started that topic already afew weeks ago > > > > there is nothing like post HTML and enable as much as possible rules at > > the same time - you will have a fulltimejob adding more and more rules > > to exceptions and a minimal WYSIWG change can hit another rule tomorrow > > > > forget it, been there, done that many years ago - it's not worth > > > > <IfModule mod_security2.c> > > <LocationMatch "(.*)\/editor\/plugins\/preview\.php$"> > > SecRequestBodyAccess Off > > </LocationMatch> > > </IfModule> > > > _______________________________________________ > mod-security-users mailing list > mod...@li... > https://lists.sourceforge.net/lists/listinfo/mod-security-users > Commercial ModSecurity Rules and Support from Trustwave's SpiderLabs: > http://www.modsecurity.org/projects/commercial/rules/ > http://www.modsecurity.org/projects/commercial/support/ |
