Showing 10 results for: 2007 ×ModSecurity Rules ×

Web Services Security

NIST has released a new guide on securing Web Services. It is a pretty good read for anyone who is planning to run WS, specifically Appendix A which lists Common WS Attack categories such as: Reconnaissance Attacks Privilege Escalation Attacks...

Optimizing Regular Expressions

As many of you have noticed, the Core Rule Set contains very complex regular expressions. For example: (?:\b(?:(?:s(?:elect\b(?:.{1,100}?\b(?:(?:length|count|top)\b.{1,100} ?\bfrom|from\b.{1,100}?\bwhere)|.*?\b(?:d(?:ump\b.*\bfrom|ata_type)| (?:to_(?:numbe|cha)|inst)r))|p_(?:(?:addextendedpro|sqlexe)c|... These regular expressions are assembled from a list of simpler regular expressions for efficiency reasons. A single optimized regular expression...

Regular Expression Development Tools

Since ModSecurity is based on regular expressions. Writing rules requires developing and testing such expressions. The following tools can help you in analyzing and testing them: The Regex Coach is simple and powerful. You simply type your expression in the...

Handling False Positives and Creating Custom Rules

It is inevitable; you will run into some False Positive hits when using web application firewalls. This is not something that is unique to ModSecurity. All web application firewalls will generate false positives from time to time. The following information...

Key Advantages of the Core Rule Set

Following a question on the core rule set on the ModSecuirty mailing list, I would like to list some of the key properties of the core rule set. The focus of the core rule set is to be a "rule...