[Owasp-modsecurity-core-rule-set] ARGS against PUT

Brian Davis (bridavis) bridavis at cisco.com
Mon Mar 7 22:26:06 UTC 2016


Thanks, Athmane.

One question, what is mod_security_crs package at 2.2.6 while the Git repo
is at 2.2.9?

Thanks,
Brian

On 3/7/16, 7:00 AM,
"owasp-modsecurity-core-rule-set-bounces at lists.owasp.org on behalf of
owasp-modsecurity-core-rule-set-request at lists.owasp.org"
<owasp-modsecurity-core-rule-set-bounces at lists.owasp.org on behalf of
owasp-modsecurity-core-rule-set-request at lists.owasp.org> wrote:

>Send Owasp-modsecurity-core-rule-set mailing list submissions to
>	owasp-modsecurity-core-rule-set at lists.owasp.org
>
>To subscribe or unsubscribe via the World Wide Web, visit
>	https://lists.owasp.org/mailman/listinfo/owasp-modsecurity-core-rule-set
>
>or, via email, send a message with subject or body 'help' to
>	owasp-modsecurity-core-rule-set-request at lists.owasp.org
>
>You can reach the person managing the list at
>	owasp-modsecurity-core-rule-set-owner at lists.owasp.org
>
>When replying, please edit your Subject line so it is more specific
>than "Re: Contents of Owasp-modsecurity-core-rule-set digest..."
>
>
>Today's Topics:
>
>   1. Re: ARGS against PUT (was Re: Owasp-modsecurity-core-rule-set
>      Digest, Vol 83, Issue 8) (Athmane Madjoudj)
>
>
>----------------------------------------------------------------------
>
>Message: 1
>Date: Sun, 6 Mar 2016 22:48:25 +0100
>From: Athmane Madjoudj <athmane at fedoraproject.org>
>To: "Brian Davis (bridavis)" <bridavis at cisco.com>
>Cc: "owasp-modsecurity-core-rule-set at lists.owasp.org"
>	<owasp-modsecurity-core-rule-set at lists.owasp.org>
>Subject: Re: [Owasp-modsecurity-core-rule-set] ARGS against PUT (was
>	Re: Owasp-modsecurity-core-rule-set Digest, Vol 83, Issue 8)
>Message-ID:
>	<CAOV0wtPOyr-mmufVUxPBUHo-Kqe_rxoTxq2Hegg7X7tnRTOFLQ at mail.gmail.com>
>Content-Type: text/plain; charset=UTF-8
>
>Hi Brian,
>
>On Sun, Mar 6, 2016 at 4:49 PM, Brian Davis (bridavis)
><bridavis at cisco.com> wrote:
>> (For some reason I didn?t get the direct email response.)
>>
>> After doing some more research, I think it?s relates to the fact that
>>the
>> <script> is in a JSON payload, and it turns out I?m not running a recent
>> enough version of mod security which supports JSON parsing. CentOS 7.1
>>is
>> only packaging 2.7.3, where as JSON parser comes in 2.8.
>>
>> I?m working on manually upgrading and trying again to see if that helps.
>
>You may use this repo which is the same package version as Fedora
>development branch.
>
>https://copr.fedorainfracloud.org/coprs/athmane/mod_security/
>
>
>Best regards.
>
>- Athmane
>
>
>------------------------------
>
>_______________________________________________
>Owasp-modsecurity-core-rule-set mailing list
>Owasp-modsecurity-core-rule-set at lists.owasp.org
>https://lists.owasp.org/mailman/listinfo/owasp-modsecurity-core-rule-set
>
>
>End of Owasp-modsecurity-core-rule-set Digest, Vol 83, Issue 14
>***************************************************************



More information about the Owasp-modsecurity-core-rule-set mailing list