Thread: [mod-security-users] modsecurity_50_outbound_malware.data not being referenced
Brought to you by:
victorhora,
zimmerletw
From: Rolling S. <jz...@ho...> - 2013-01-04 19:36:09
|
In OWASP_CRS/2.7.7, cannot find any .conf file referencing modsecurity_50_outbound_malware.data I would like to know the rationale behind the scene, and how this file should be used to be useful. Thanks, |
From: Josh Amishav-Z. <ja...@gm...> - 2013-01-08 19:51:49
|
On Fri, Jan 4, 2013 at 9:35 PM, Rolling Stone <jz...@ho...> wrote: > In OWASP_CRS/2.7.7, cannot find any .conf file referencing > modsecurity_50_outbound_malware.data**** > > I would like to know the rationale behind the scene, and how this file > should be used to be useful.**** > > ** > FWIW, it looks like the Snort/VRT team is updating their list of malicious URLs again, e.g.: http://labs.snort.org/iplists/urllist-2013-01-07 You could setup a cronjob to grab the daily list, update your malware data file and create a ModSecurity rule to search the response body for those URLs. -- - Josh > ** > > Thanks,**** > > > ------------------------------------------------------------------------------ > Master HTML5, CSS3, ASP.NET, MVC, AJAX, Knockout.js, Web API and > much more. Get web development skills now with LearnDevNow - > 350+ hours of step-by-step video tutorials by Microsoft MVPs and experts. > SALE $99.99 this month only -- learn more at: > http://p.sf.net/sfu/learnmore_122812 > _______________________________________________ > mod-security-users mailing list > mod...@li... > https://lists.sourceforge.net/lists/listinfo/mod-security-users > Commercial ModSecurity Rules and Support from Trustwave's SpiderLabs: > http://www.modsecurity.org/projects/commercial/rules/ > http://www.modsecurity.org/projects/commercial/support/ > > |