Thread: [mod-security-users] how to prevent directory traversal with modsecurity2
From: <yav...@ih...> - 2007-06-27 09:27:13
|
Hello, I am a novice at modsecurity. I installed mod_security2 on apache2.0.59. I couldn't find how to prevent directory traversal with modsecurity2. I know that with modsecurity1, but I couldn't find it for modsecurity2. How can I get useful examples about that? Thanks a lot. |
From: Ryan B. <Ryan.Barnett@Breach.com> - 2007-06-27 11:20:54
|
You could use a rule similar to this -

SecRule REQUEST_URI "\.\." "phase:1,log,deny,msg:'Directory Traversal Attack Detected'"

The only issue to be aware of is to make sure you verify exactly which transformation functions may be inherited with this rule. If it applies the normalisePath function (http://www.modsecurity.org/documentation/modsecurity-apache/2.1.0/modsecurity2-apache-reference.html#N10E9C) it will not match as it will remove the .. characters. It is for these types of reasons that you should always turn up the debug log level and review your new rule processing with some tests.

--
Ryan C. Barnett
ModSecurity Community Manager
Breach Security: Director of Application Security Training
Web Application Security Consortium (WASC) Member
CIS Apache Benchmark Project Lead
SANS Instructor, GCIA, GCFA, GCIH, GSNA, GCUX, GSEC
Author: Preventing Web Attacks with Apache

________________________________
From: mod...@li... [mailto:mod...@li...] On Behalf Of Yavuz Maslak
Sent: Wednesday, June 27, 2007 5:27 AM
To: mod...@li...
Subject: [mod-security-users] how to prevent directory traversal with modsecurity2

Hello,
I am novice at modsecurity
I installed mod_security2 on apache2.0.59
I couldn't find how to prevent directory traversal with modsecurity2 .
I know that with modsecurity1. But I couldn't find for modsecurity2.
How can I get useful examples about that ?

Thanks a lot. |
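The inheritance caveat in the reply above, written out as configuration. This is an added example, not part of the original thread and not taken from the ModSecurity distribution; the SecDefaultAction line, the debug log path and the extra t:urlDecodeUni transformation are assumptions chosen for illustration.

```apache
SecRuleEngine On

# --- Before: the rule silently inherits transformations -----------------
# Assumed site-wide default. Every later SecRule that does not reset its
# transformations picks up t:normalisePath from here.
SecDefaultAction "phase:1,log,deny,status:403,t:normalisePath"

# REQUEST_URI is normalised before the regex runs, so "/a/../b" has
# already become "/b" and "\.\." finds nothing to match.
SecRule REQUEST_URI "\.\." "msg:'Directory Traversal Attack Detected'"

# --- After: pin the transformation pipeline on the rule itself ----------
# t:none discards everything inherited from SecDefaultAction.
# t:urlDecodeUni (an addition to the rule from the thread) decodes
# percent-encoded dots so "%2e%2e" is inspected as "..".
SecRule REQUEST_URI "\.\." \
    "phase:1,t:none,t:urlDecodeUni,log,deny,status:403,msg:'Directory Traversal Attack Detected'"

# --- Verification while testing ------------------------------------------
# Level 9 records each transformation step and the value the operator
# actually saw. The path is a placeholder; lower the level again after
# testing, since full debug logging is expensive.
SecDebugLog logs/modsec_debug.log
SecDebugLogLevel 9
```

With the debug log at this level, a test request containing ".." shows the value of REQUEST_URI after each transformation, which is where an unintended normalisePath becomes visible.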