[Owasp-modsecurity-core-rule-set] ESAPI HTTP request validation and ModSecurity CRS rules for XSS

Hiranmayi Palanki Hiranmayi.Palanki at aexp.com
Fri Mar 4 17:53:32 UTC 2016


Hello,

I'm specifically interested in enabling just the XSS CRS rules from ModSecurity. However, I have ESAPI HTTP whitelist validation rules already running. I have the following questions:


1.      Can ModSecurity XSS CRS rules operate in parallel with ESAPI HTTP whitelist validation?

2.      Is it overkill to enable both ESAPI HTTP whitelist validation and ModSecurity XSS blacklist regex patterns?

3.      Does it make sense to split some parts of the HTTP request to go through the ESAPI canonicalize and HTTP validation rules and split some parts of the HTTP request (e.g. query string) to traverse through ModSecurity?

4.      Has anybody implemented both whitelist (through ESAPI HTTP validation) and blacklist regular expression pattern matching at the same time? If so, do you have an opinion on this combined approach?

Thank you in advance.

Hiranmayi Palanki.





American Express made the following annotations
******************************************************************************
"This message and any attachments are solely for the intended recipient and may contain confidential or privileged information. If you are not the intended recipient, any disclosure, copying, use, or distribution of the information included in this message and any attachments is prohibited. If you have received this communication in error, please notify us by reply e-mail and immediately and permanently delete this message and any attachments. Thank you."

American Express a ajouté le commentaire suivant le Ce courrier et toute pièce jointe qu'il contient sont réservés au seul destinataire indiqué et peuvent renfermer des 
renseignements confidentiels et privilégiés. Si vous n'êtes pas le destinataire prévu, toute divulgation, duplication, utilisation ou distribution du courrier ou de toute pièce jointe est interdite. Si vous avez reçu cette communication par erreur, veuillez nous en aviser par courrier et détruire immédiatement le courrier et les pièces jointes. Merci.

******************************************************************************
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-modsecurity-core-rule-set/attachments/20160304/779629d9/attachment.html>


More information about the Owasp-modsecurity-core-rule-set mailing list