Showing 17 results for: 2003, ModSecurity

File interception supported

Building on the multipart/form-data support I added to mod_security the other day, today I added two new configuration directives to support file interception. Using SecUploadDir you can tell mod_security to store files (works on per-directory configuration so you can have...

Multipart support added

Over the weekend I worked on adding the multipart/form-data support to mod_security. As a result, the Apache 1.x version in CVS now supports it. It still needs to be polished, of course, but this feature opens a door for other...

A milestone reached

I feel like I've reached a new milestone with mod_security. First of all, it is important to note that since Monday my busy period is officially over and I can now spend more time working on mod_security. Second, in the...

Updated the Snort rules conversion script

The new version of the script to convert Snort rules into mod_security rules is now available (from the same page as before). I initially forgot to escape characters that have a meaning in regular expressions and some rules were preventing...

Converted Snort rules to mod_security rules

I wrote a simple Perl script to convert Snort rules to mod_security rules and published the information here. Ryan first found a similar script from the makers of the Zeus web server but it didn't really work right and the...

Enhanced rules now available

The last change before the 1.7 release is now in the CVS. I have refactored the code dealing with rule processing, and added three new actions: allow, skipnext, and chain. Allow enables you to stop rules processing on a single...

Cookie parsing added

Now you can analyse cookies using new selective filtering variables (COOKIE_name, COOKIE_NAMES, COOKIE_VALUES). Even before this change it was possible to look at cookies (as cookies are just HTTP headers) but the functionality was limited. ModSecurity now parses cookies for...

Masking your web server

There is a new feature available in the CVS, and it allows you to mask your web server and instruct it to pretend to be something else. Normally, to do this sort of thing you would have to change Apache...

Changed name to Web Security Blog

I decided to change the name of this blog to "Web Security Blog". I figured that web security is now a permanent part of my life, and that I frequently want to write about things that are not related to...

Output filtering now in CVS

The new output filtering functions are now in CVS. I implemented this feature for Apache 2 first for two reasons. First, this version supports the notion of input/output filters - making filtering work is simply a case of using...

New action: pause

I have added a new action to the CVS, called "pause". It accepts one parameter, time in milliseconds, and blocks the response to the request when a filter is triggered. I've been told that it can be really useful for blocking...

Added Unicode encoding validation

I've just committed the Unicode validation feature to the CVS. It is a very good thing to have if the application or the operating system supports and/or understands Unicode. Most importantly, this feature will protect from attacks where an ASCII...

Selective Filtering

I've just added a new feature to mod_security (CVS, both versions) that allows you to achieve better control over what gets filtered. Up until now mod_security looked at every single request. Since most static resources (e.g. images) are not...

Fun with PHP CLI scripts

I've had quite a lot of "fun" with PHP CLI scripts the other day. As you perhaps know, there is an "exec" feature built into mod_security that allows you to execute some external binary in response to a filter match....

Apache chrooting simplified

I've added a new (and experimental) feature to mod_security (CVS and Apache 1.x only at the moment) that greatly simplifies the process of chrooting in most cases. Essentially, the chroot call is made from Apache itself, at the very end...

URL decoding bug fixed

I just fixed a small bug in the URL decoding routine. Apparently, I forgot to add code to convert '+' characters into spaces. It is a great comfort to use regression testing during development. So, this time, before making any...

Porting mod_security to Windows

With the module functioning well on Unix-based platforms I decided to start with the Windows port. The job was straightforward (I only tried with the Apache 1.x version): after creating the makefile and getting all the switches right I was rewarded...