Showing 38 results for: 2007 ×

ModSecurity 2.2.0 Development Releases

Hello all. As this is my first official blog entry, let me first start off with a short introduction... My name is Brian Rectanus (pronounced rec-tan-us, for those curious). As some of you may already know, I was hired by...

ModSecurity Console Performance Tuning

Help, my ModSecurity Community Console is not responding!" Perhaps you have seen this type of email sent to the ModSecurity mailing list? Unfortunately, it is relatively easy to overload the ModSecurity Conmmunity Console when you combine the following three factors:...

ModSecurity Migration Matrix

For all of you who are using ModSecurity 1.x and looking for information on migrating to Mod 2.x, we have posted a migration matrix document that will help. The PDF document is listed under the "Documentation" page on the Mod...

Regular Expression Development Tools

Since ModSecurity is based on regular expressions. Writing rules requires developing and testing such expressions. The following tools can help you in analyzing and testing them: The Regex Coach is simple and powerful. You simply type your expression in the...

ModSecurity Console: Purpose and Deployment

If you have more then 1 ModSecurity installation, you have undoubtedly run into issues with consolidating, analyzing and responding to alert messages. Yes, you can always reconfigure Apache to send its access/error logs through Syslog onto a remote, central logging...

ModSecurity ASCIIZ Evasion

It has been brought to our attention that a fault in the ModSecurity parsing code has been discovered and published. (No, we have not been contacted by the author, either before or after the publication. We learned about the problem...

ModSecurity Status Report

I enjoyed talked about ModSecurity (and web application firewalls) in front of the London OWASP Chapter last night. It's been a while since I talked about ModSecurity. Most of my talks last year were of generic nature, discussing web application...

Handling False Positives and Creating Custom Rules

It is inevitable; you will run into some False Positive hits when using web application firewalls. This is not something that is unique to ModSecurity. All web application firewalls will generate false positives from time to time. The following information...

Dealing with Impedance Mismatch

In my previous post I described a potential problem with web application firewalls protecting web applications. After getting your attention it is only fair to follow up with a solution. Firstly, the problem is not as serious as it may...

PHP Peculiarities for ModSecurity Users

As I was reviewing the ModSecurity 2.1.0-rc7 Reference Manual I realised it did not contain some very important sections we had in the previous (ModSecurity 1.9.x) manual - those on web application firewall impedance mismatch and PHP peculiarities. Impedance mismatch...

HTTPrint vs. ModSecurity

There was a great email posted to the ModSecurity user mail-list today that asked about ModSecurity's ability (or inability) to trick web server fingerprinting tools such as HTTPrint. The short answer is YES, ModSecurity 2.X can be used to effectively...

ModSecurity 2.1.0 Improvements

I have just packaged and released ModSecurity for Apache v2.1.0-rc7, in preparation for the first stable release in the 2.1.x branch. I am very fond of having many release candidates over a period of time. They have an important role...

SANS @Risk Web Vulnerabilities List & Mitigation Steps

This is a listing of Web Application Vulnerabilities that were released by SANS in their @RISK newsletter yesterday - -------------- Summary of the vulnerabilities reported this week: -------------- -- Web Application - Cross Site Scripting (8) 07.5.44 - ezDatabase Login.PHP...

Top 10 Web Hacks of 2006

Jeremiah Grossman gives an excellent overview of the top Web hacks of 2006. If you haven't been following the events as they unfolded last year this presentation alone will help you catch up.

Key Advantages of the Core Rule Set

Following a question on the core rule set on the ModSecuirty mailing list, I would like to list some of the key properties of the core rule set. The focus of the core rule set is to be a "rule...