Showing 11 results for: 2010 ×ModSecurity Rules ×

Announcing Release of OWASP ModSecurity Core Rule Set v2.1.0

I am pleased to announce the release of the OWASP ModSecurity Core Rule Set (CRS) v2.1.0. This is a significant update as we have added many new capabilities. CHANGE LOG - -------------------------- Version 2.1.0 - 12/29/2010 -------------------------- Improvements: - Added...

Announcing Release of CRS v2.0.9

Greetings everyone, I am pleased to announce the release of the OWASP ModSecurity Core Rule Set (CRS) v2.0.9. The most significant change is that users can now easily toggle between Traditional or Anomaly Scoring Detection modes. CHANGE LOG - --------------------------...

Advanced Topic of the Week: Request Header Tagging

Request Header Tagging Wouldn't it be cool if your WAF could share its data with the application it is protecting? This concept is similar to anti-SPAM SMTP apps that will add additional mime headers to emails providing the SPAM detection...

ModSecurity User Survey Results Released

As a result of the acquisition of Breach Security (and thus ModSecurity) by Trustwave, we thought that it was a good time to run another User Survey to get a better understanding of how the community is using ModSecurity and,...

Advanced Topic of the Week: Validating SessionIDs

This week's topic discusses how to validate application SessionIDs submitted by clients. Reference Manual Initializing the SESSION collection with the setsid action. setsid Description: Special-purpose action that initialises the SESSION collection. Action Group: Non-disruptive Example: # Initialise session variables using...

OWASP ModSecurity Core Rule Set (CRS) v2.0.8 Released

Greetings everyone, I wanted to announce the availability of the OWASP ModSecurity CRS v2.0.8. DOWNLOADING - Download page You can also use the util/rules-updater.pl script to auto-download the latest ZIP archive (see the rules-updater-example.conf file for Repo data). TESTING -...

Advanced Topic of the Week: Validating Byte Ranges

We are starting a new blog post series here on the ModSecurity site called "Advanced Feature of the Week" where we will be highlighting many of ModSecurity's really cool capabilities. These are the features that seldom used or fully understood...