Thread: [mod-security-users] mod_security update
From: Jose P. V. L. <pab...@gm...> - 2013-06-26 08:04:42
Hello everyone.

We are thinking of updating mod_security-2.5.9 to 2.7.4 or even 2.7.7, but we have over 300 servers with so many domains, and each of them has its own development or its own CMS, in different versions. The problem is that updating all servers at once would end with clients complaining that their websites don't work correctly.

I thought of updating mod_security on very few servers with all rules commented out, and then uncommenting them slowly, watching for any false positives or malfunctioning on the websites.

My security colleagues think every systems administrator should take 5 of our managed servers and do hot troubleshooting (watch and modify or comment out the conflicting rules).

Please, would you mind telling me which approach you would take in order to avoid service incidents?

Thanks in advance.
From: Josh Amishav-Z. <ja...@ow...> - 2013-06-26 11:06:39
On Wed, Jun 26, 2013 at 11:04 AM, Jose Pablo Valcárcel Lázaro <pab...@gm...> wrote:

> The problem is to update all servers from once would end with clients
> complaining about their websites doesn´t work correctly.

Hi Jose,

Is it possible to run the new rules in DetectionOnly mode?

--
 - Josh
From: Jose P. V. L. <pab...@gm...> - 2013-06-26 13:26:51
I'm not quite sure, but it could be so.

Is DetectionOnly mode a global config directive to switch on and off in an easy way to watch if there could have been problems?

Thanks for your help, Josh.
From: Jose P. V. L. <pab...@gm...> - 2013-06-26 13:28:12
Are there other ways to test without DetectionOnly mode?

Thanks in advance again.
From: Josh Amishav-Z. <ja...@ow...> - 2013-06-26 13:51:28
On Wed, Jun 26, 2013 at 4:26 PM, Jose Pablo Valcárcel Lázaro <pab...@gm...> wrote:

> I´m not pretty sure but It could be so.
>
> Is DetectionOnly mode a global config directive to swith on and off in a
> easy way to watch if there could have been problems?

Hi Jose,

Take a look at:
https://github.com/SpiderLabs/ModSecurity/wiki/Reference-Manual#wiki-SecRuleEngine

If you are using the CRS as your primary ruleset then I don't know any easy way to upgrade from ModSec 2.5.9 to 2.7.4 without significant debugging.

--
 - Josh
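An added example, not part of the original thread: with `SecRuleEngine DetectionOnly` the rules log their matches without blocking, so the Apache error log can be tallied per site and rule id to see which rules would hit which websites before the engine is switched to `On`. The log lines, rule ids, hostnames and function names below are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample lines in the Apache error-log format ModSecurity 2.x uses.
# Rule ids, hostnames and paths are made up for this example.
SAMPLE_LOG = '''\
[Wed Jun 26 14:01:02 2013] [error] [client 192.0.2.10] ModSecurity: Warning. Pattern match "x" at ARGS:q. [file "/etc/modsecurity/rules/a.conf"] [line "10"] [id "100001"] [msg "constructed rule A"] [hostname "shop.example.com"] [uri "/search"] [unique_id "c1"]
[Wed Jun 26 14:01:09 2013] [error] [client 192.0.2.11] ModSecurity: Warning. Pattern match "x" at ARGS:q. [file "/etc/modsecurity/rules/a.conf"] [line "10"] [id "100001"] [msg "constructed rule A"] [hostname "shop.example.com"] [uri "/search"] [unique_id "c2"]
[Wed Jun 26 14:02:30 2013] [error] [client 192.0.2.12] ModSecurity: Warning. Operator EQ matched 0 at REQUEST_HEADERS. [file "/etc/modsecurity/rules/b.conf"] [line "20"] [id "100002"] [msg "constructed rule B"] [hostname "blog.example.org"] [uri "/wp-admin/post.php"] [unique_id "c3"]
[Wed Jun 26 14:03:00 2013] [error] [client 192.0.2.13] File does not exist: /var/www/favicon.ico
[Wed Jun 26 14:04:11 2013] [error] [client 192.0.2.14] ModSecurity: Access denied with code 403 (phase 2). Pattern match "x" at ARGS:id. [file "/etc/modsecurity/rules/a.conf"] [line "10"] [id "100001"] [msg "constructed rule A"] [hostname "legacy.example.net"] [uri "/index.php"] [unique_id "c4"]
'''

FIELD = re.compile(r'\[(\w+) "((?:[^"\\]|\\.)*)"\]')

def parse_line(line):
    """Return the ModSecurity fields of one error-log line, or None."""
    marker = "ModSecurity: "
    pos = line.find(marker)
    if pos < 0:
        return None
    rest = line[pos + len(marker):]
    event = dict(FIELD.findall(rest))
    # "Warning." = logged only (DetectionOnly or pass); "Access denied" = blocked.
    event["blocked"] = rest.startswith("Access denied")
    return event if "id" in event else None

def would_be_affected(log_text):
    """Count logged-only matches per (hostname, rule id, uri)."""
    hits = Counter()
    for line in log_text.splitlines():
        ev = parse_line(line)
        if ev and not ev["blocked"]:
            hits[(ev.get("hostname", "?"), ev["id"], ev.get("uri", "?"))] += 1
    return hits

def blocked_hosts(log_text):
    """Hostnames where a rule is already blocking, i.e. SecRuleEngine is On."""
    events = (parse_line(l) for l in log_text.splitlines())
    return sorted({e.get("hostname", "?") for e in events if e and e["blocked"]})

if __name__ == "__main__":
    for (host, rule, uri), n in would_be_affected(SAMPLE_LOG).most_common():
        print(f"{n:3d}  {host}  id={rule}  {uri}")
    print("already blocking:", blocked_hosts(SAMPLE_LOG))
```

Any hostname reported by `blocked_hosts` is a site where the engine is not in DetectionOnly mode, which is worth checking before a staged rollout.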