headers
Gerwin Krist -|- Digitalus Webhosting | 4 Apr 15:43
Picon
Favicon

Re: Rules database


Hello Román,

You could try http://www.gotroot.com/downloads/ftp/mod_security/rules.conf
It has a LOT of rules.
Hope it's helpfull.

Gerwin

Roman Medina-Heigl Hernandez wrote:
| Hi,
|
| I'm interested in protecting webapps in a "generic way" (more or less
| :-)), which means that if I choose to install a PHP-Nuke portal and a
| new SQL injection bug in that portal is disclosed, it will not be
| exploitable (the code would still be buggy until patching, but that's
| unavoidable). Of course, the idea is to catch the more kind of bugs
| being possible (not only SQL injection, but directory traversal, remote
| PHP script injection, shell injection, etc).
|
| I visited:
| http://www.modsecurity.org/db/rules/
| But I got a bit disappointed when I saw only 4 rules :-(. The db seems
| to be discontinued... ?
|
| I'm wondering whether:
| 1) There are other "repositories" for mod-security rules, or
| 2) Some of you, security-specialists, would be kind enough to share the
| rules you have, ideas, etc.
|
(Continue reading)

Permalink | Reply |
headers
Roman Medina-Heigl Hernandez | 4 Apr 16:14

Re: Rules database

Gerwin Krist -|- Digitalus Webhosting wrote:

> You could try http://www.gotroot.com/downloads/ftp/mod_security/rules.conf

It looks nice. But it seems to be having problems in Apache 1.x
(according to the comments). Do you know if they've been fixed? I also
read one thread at gotroot.com but it didn't contain specific info about
the issue.

I still have to review the link provided by Alberto (my proxy doesn't
load it, I'll try again l8r).

Thanks to both, Gerwin & Alberto :-)

Regards,
-Román

-------------------------------------------------------
SF email is sponsored by - The IT Product Guide
Read honest & candid reviews on hundreds of IT Products from real users.
Discover which products truly live up to the hype. Start reading now.
http://ads.osdn.com/?ad_ide95&alloc_id396&op=click
Permalink | Reply |
headers
Michael Shinn | 8 Apr 23:09

Re: Rules database

On Mon, 2005-04-04 at 16:14 +0200, Roman Medina-Heigl Hernandez wrote:
> Gerwin Krist -|- Digitalus Webhosting wrote:
> 
> > You could try http://www.gotroot.com/downloads/ftp/mod_security/rules.conf
> 
> It looks nice. But it seems to be having problems in Apache 1.x
> (according to the comments). Do you know if they've been fixed? I also
> read one thread at gotroot.com but it didn't contain specific info about
> the issue.

Hi, I'm the author of those rules.  The rules that choke on apache 1.x
deal with my use of pcre regex'es while Apache 1.x apparently only
supports POSIX regex's.  The solution is that I need to convert all
those regex's to POSIX regex's for the legacy Apache 1.x systems.
Otherwise, the rules should work fine.  Its just a regex formating issue
for the two platforms.

> 
> I still have to review the link provided by Alberto (my proxy doesn't
> load it, I'll try again l8r).
> 
> Thanks to both, Gerwin & Alberto :-)
> 
> Regards,
> -Román
> 
> 
> 
> 
> -------------------------------------------------------
(Continue reading)

Permalink | Reply |
headers
Ivan Ristic | 11 Apr 11:16
Gravatar

Re: Rules database

Michael Shinn wrote:
> On Mon, 2005-04-04 at 16:14 +0200, Roman Medina-Heigl Hernandez wrote:
> 
>>Gerwin Krist -|- Digitalus Webhosting wrote:
>>
>>
>>>You could try http://www.gotroot.com/downloads/ftp/mod_security/rules.conf
>>
>>It looks nice. But it seems to be having problems in Apache 1.x
>>(according to the comments). Do you know if they've been fixed? I also
>>read one thread at gotroot.com but it didn't contain specific info about
>>the issue.
> 
> 
> Hi, I'm the author of those rules.  The rules that choke on apache 1.x
> deal with my use of pcre regex'es while Apache 1.x apparently only
> supports POSIX regex's.  The solution is that I need to convert all
> those regex's to POSIX regex's for the legacy Apache 1.x systems.
> Otherwise, the rules should work fine.

   If you could send me the translation algorithm, I could try and
   put it right into the Apache 1.x version, so the translation would
   happen at runtime with both versions supporting the same format?

--

-- 
Ivan Ristic
Apache Security (O'Reilly) - http://www.apachesecurity.net
Open source web application firewall - http://www.modsecurity.org

-------------------------------------------------------
(Continue reading)

Permalink | Reply |
headers
Michael Shinn | 17 Apr 17:40

Re: Rules database

On Mon, 2005-04-11 at 10:16 +0100, Ivan Ristic wrote:
> Michael Shinn wrote:
> > On Mon, 2005-04-04 at 16:14 +0200, Roman Medina-Heigl Hernandez wrote:
> > 
> >>Gerwin Krist -|- Digitalus Webhosting wrote:
> >>
> >>
> >>>You could try http://www.gotroot.com/downloads/ftp/mod_security/rules.conf
> >>
> >>It looks nice. But it seems to be having problems in Apache 1.x
> >>(according to the comments). Do you know if they've been fixed? I also
> >>read one thread at gotroot.com but it didn't contain specific info about
> >>the issue.
> > 
> > 
> > Hi, I'm the author of those rules.  The rules that choke on apache 1.x
> > deal with my use of pcre regex'es while Apache 1.x apparently only
> > supports POSIX regex's.  The solution is that I need to convert all
> > those regex's to POSIX regex's for the legacy Apache 1.x systems.
> > Otherwise, the rules should work fine.
> 
>    If you could send me the translation algorithm, I could try and
>    put it right into the Apache 1.x version, so the translation would
>    happen at runtime with both versions supporting the same format?

That would certainly be a much easier solution for me.  :-)

--

-- 
Michael T. Shinn                                    KeyID:370A4CAB
Key Fingerprint: 0057 437C D882 ECFF 716B 7BD6 6E3B F5BA 370A 4CAB
(Continue reading)

Permalink | Reply |

Gmane