[Owasp-modsecurity-core-rule-set] please add f-secure radar to scanners-user-agents.data

Chaim Sanders chaim at chaimsanders.com
Wed Mar 14 23:11:47 UTC 2018


Hey Eero,
I merged the PR earlier today, it is in the v3.1/dev branch if you want to
try it. Christian generalized the rule so it just looks for 'F-Secure
Radar' within the user agent, none of the random UID's should cause false
negatives. Best of luck!

On Wed, Mar 14, 2018 at 6:57 PM, Eero Volotinen <eero.volotinen at iki.fi>
wrote:

> Thanks, I will try to test it on today/tomorrow.
>
> also noticed that useragent can also contain some random id string like '
> 59e85179-1c46-4f3a-acd1-5c5f6967dc00'
> this might be related to scan task id? see grep from my logs:
>
> https://pastebin.com/6wnitcXQ
>
> Eero
>
> On Wed, Mar 14, 2018 at 11:09 PM, Christian Folini <
> christian.folini at netnea.com> wrote:
>
>> Hey Eero,
>>
>> Thank you for the suggestion. I just made this into a pull request.
>>
>> https://github.com/SpiderLabs/owasp-modsecurity-crs/pull/1039
>>
>> Please try it out and confirm detection works as intended.
>> Ideally on github.
>>
>> Ahoj,
>>
>> Christian
>>
>>
>>
>> On Tue, Mar 13, 2018 at 02:20:30PM +0200, Eero Volotinen wrote:
>> >    Hi,
>> >    Please add entry for f-secure radar:
>> >    #[1]https://www.f-secure.com/en/web/business_global/radar
>> >    User-Agent: Mozilla/4.0 (Mozilla/4.0; MSIE 7.0; Windows NT 5.1; FDM;
>> >    SV1; .NET CLR 3.0.04506.30) F-Secure Radar
>> >    br,
>> >    Eero
>> >
>> > References
>> >
>> >    1. https://www.f-secure.com/en/web/business_global/radar
>>
>> > _______________________________________________
>> > Owasp-modsecurity-core-rule-set mailing list
>> > Owasp-modsecurity-core-rule-set at lists.owasp.org
>> > https://lists.owasp.org/mailman/listinfo/owasp-modsecurity-
>> core-rule-set
>>
>>
>> --
>> https://www.feistyduck.com/training/modsecurity-training-course
>> https://www.feistyduck.com/books/modsecurity-handbook/
>> mailto:christian.folini at netnea.com
>> twitter: @ChrFolini
>>
>
>
> _______________________________________________
> Owasp-modsecurity-core-rule-set mailing list
> Owasp-modsecurity-core-rule-set at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-modsecurity-core-rule-set
>
>


-- 
-- 
Chaim Sanders
http://www.ChaimSanders.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-modsecurity-core-rule-set/attachments/20180314/7d59761d/attachment.html>


More information about the Owasp-modsecurity-core-rule-set mailing list