Showing 6 results for: September 2010, ModSecurity

Advanced Topic of the Week: Validating SessionIDs

This week's topic discusses how to validate application SessionIDs submitted by clients. Reference Manual Initializing the SESSION collection with the setsid action. setsid Description: Special-purpose action that initialises the SESSION collection. Action Group: Non-disruptive Example: # Initialise session variables using...

WASC WHID Bi-Annual Report for 2010

The Web Hacking Incident Database (WHID) is a project dedicated to maintaining a record of web application-related security incidents. WHID's purpose is to serve as a tool for raising awareness of web application security problems and to provide information for...

Advanced Topic of the Week: Real-time Blacklist Lookups

This week's feature is the effective use of Real-time Blacklist lookups (@rbl). Reference Manual rbl Description: Look up the parameter in the RBL given as parameter. Parameter can be an IPv4 address, or a hostname. Example: SecRule REMOTE_ADDR "@rbl sc.surbl.org"...

Advanced Topic of the Week: Transformation Functions

This week's feature is the effective use of Transformation functions. Reference Manual This excerpt is taken from the updated Reference Manual section of Ivan Ristic's book ModSecurity Handbook. Transformation functions are used to alter input data before it is used...