[Owasp-modsecurity-core-rule-set] please add f-secure radar to scanners-user-agents.data
chaim at chaimsanders.com
Wed Mar 14 23:11:47 UTC 2018
I merged the PR earlier today, it is in the v3.1/dev branch if you want to
try it. Christian generalized the rule so it just looks for 'F-Secure
Radar' within the user agent, none of the random UID's should cause false
negatives. Best of luck!
On Wed, Mar 14, 2018 at 6:57 PM, Eero Volotinen <eero.volotinen at iki.fi>
> Thanks, I will try to test it on today/tomorrow.
> also noticed that useragent can also contain some random id string like '
> this might be related to scan task id? see grep from my logs:
> On Wed, Mar 14, 2018 at 11:09 PM, Christian Folini <
> christian.folini at netnea.com> wrote:
>> Hey Eero,
>> Thank you for the suggestion. I just made this into a pull request.
>> Please try it out and confirm detection works as intended.
>> Ideally on github.
>> On Tue, Mar 13, 2018 at 02:20:30PM +0200, Eero Volotinen wrote:
>> > Hi,
>> > Please add entry for f-secure radar:
>> > #https://www.f-secure.com/en/web/business_global/radar
>> > User-Agent: Mozilla/4.0 (Mozilla/4.0; MSIE 7.0; Windows NT 5.1; FDM;
>> > SV1; .NET CLR 3.0.04506.30) F-Secure Radar
>> > br,
>> > Eero
>> > References
>> > 1. https://www.f-secure.com/en/web/business_global/radar
>> > _______________________________________________
>> > Owasp-modsecurity-core-rule-set mailing list
>> > Owasp-modsecurity-core-rule-set at lists.owasp.org
>> > https://lists.owasp.org/mailman/listinfo/owasp-modsecurity-
>> mailto:christian.folini at netnea.com
>> twitter: @ChrFolini
> Owasp-modsecurity-core-rule-set mailing list
> Owasp-modsecurity-core-rule-set at lists.owasp.org
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Owasp-modsecurity-core-rule-set