Re: problem with my regex and single line HTML comment in RESPONSE_BODY

Hi,

I'm a little embarrassed about yesterday's outburst - I guess reading
debug files for so long made me a little nutso.

Ivan, back to your idea of a ModSecurity console...

I think a large part of my frustration (besides sucking at writing
regex's :-) comes from having to modify the .conf file, restart
Apache, run a test case, then wade through the debug log file just to
see if it worked or not.

In a couple of weeks after I've hit the 50% project completion
milestone and I compile and install 2.5.5, I'll look more closely at
the C functions in msc_pcre.c. Perhaps it won't be too difficult to
write a C program that can call those directly or call the function
calls that ModSecurity calls.

For now I would be happy with just a shell command line interface
where I can input the regex, then proceed by entering different
strings and knowing if they match or not.

I am writing many WebGoat sublesson-specific regex's and this would
save me a lot of time I believe.

Cheers,
Stephen

On Fri, Jul 4, 2008 at 8:55 AM, Ivan Ristic <ivanr <at> webkreator.com> wrote:
> Achim Hoffmann wrote:

christian.folini | 4 Jul 09:12

Re: problem with my regex and single line HTML comment in RESPONSE_BODY

Hey Stephen,

You are touching an interesting subject here:

How to write rules and test them out efficiently? 
Or in your words:

> For now I would be happy with just a shell command line interface where I can input the regex, 
> then proceed by entering different strings and knowing if they match or not.

I work with 4 shells on a single screen and I believe I get quite close to what you
are looking for.

- 1 (top left): Apache config
- 2 (bottom left): Apache commands (-> alias "apareload")
- 3 (bottom right): curl commands
- 4 (top right): tail on the debug log (this can be filtered with tail -f ... | grep -v (...|...|...))

Alias apareload: That is a command alias to reloading
that apache with the latest timestamp on the command line. 
This is very helpful when you play around with multiple
apaches and configs.
If you want to be really nifty, then you can script apareload into a 
while loop and whenever you press enter in that shell window, it
reloads apache.

I do almost all my testing with "curl -v". Sometimes directly, sometimes scripted into
an ad hoc shell script (like: proceed by entering different strings). Looking at the 
http status, I can determine whether it matched or not. Sometimes I write multiple 
rules and have each one return a redirect to a different location. That way I can 

Brian Rectanus | 4 Jul 20:02

Re: problem with my regex and single line HTML comment in RESPONSE_BODY

Hi Stephen,

I have a regression test suite coming out with ModSecurity 2.6 (no date 
yet), but I have debated backporting it to the next 2.5 release as well. 
This is a framework for testing ModSecurity directives and automates 
the conf file edit, restart, view the debug log process that may help 
you in testing.

-B

Stephen Craig Evans wrote:
> Hi,
> 
> I'm a little embarrassed about yesterday's outburst - I guess reading
> debug files for so long made me a little nutso.
> 
> Ivan, back to your idea of a ModSecurity console...
> 
> I think a large part of my frustration (besides sucking at writing
> regex's :-) comes from having to modify the .conf file, restart
> Apache, run a test case, then wade through the debug log file just to
> see if it worked or not.
> 
> In a couple of weeks after I've hit the 50% project completion
> milestone and I compile and install 2.5.5, I'll look more closely at
> the C functions in msc_pcre.c. Perhaps it won't be too difficult to
> write a C program that can call those directly or call the function
> calls that ModSecurity calls.
> 
> For now I would be happy with just a shell command line interface

Re: problem with my regex and single line HTML comment in RESPONSE_BODY

That sounds very cool.

Do you guys ever sleep? :-)

Stephen

On Sat, Jul 5, 2008 at 2:02 AM, Brian Rectanus
<Brian.Rectanus <at> breach.com> wrote:
> Hi Stephen,
>
> I have a regression test suite coming out with ModSecurity 2.6 (no date
> yet), but I have debated backporting it to the next 2.5 release as well.
> This is a framework for testing ModSecurity directives and automates the
> conf file edit, restart, view the debug log process that may help you in
> testing.
>
> -B
>
> Stephen Craig Evans wrote:
>>
>> Hi,
>>
>> I'm a little embarrassed about yesterday's outburst - I guess reading
>> debug files for so long made me a little nutso.
>>
>> Ivan, back to your idea of a ModSecurity console...
>>
>> I think a large part of my frustration (besides sucking at writing
>> regex's :-) comes from having to modify the .conf file, restart
>> Apache, run a test case, then wade through the debug log file just to