[Owasp-modsecurity-core-rule-set] WebSocket CRS Rules

Christian Folini christian.folini at netnea.com
Sun May 20 05:09:53 UTC 2018


Hello Hiranmayi,

Having them would be very interesting of course.

It is not so clear how far you can get. I usually declare that ModSec is no
good fighting standard DoS attacks. As for websockets, you may face a problem
where ModSecurity does not give you proper access to the traffic in question.

Checking standard HTTP headers should not be a proble, though and writing a
few rules for the websocket use case seems feasible.

Ahoj,

Christian

On Thu, May 17, 2018 at 05:44:09PM +0000, Hiranmayi Palanki wrote:
> Hello Christian and Team,
> 
> I'm interested in the community's thoughts on having CRS rules or Custom Rules for detecting attacks against WebSocket connections, specifically DoS and Websocket header tampering.
> 
> Thanks.
> 
> 
> American Express made the following annotations
> ******************************************************************************
> "This message and any attachments are solely for the intended recipient and may contain confidential or privileged information. If you are not the intended recipient, any disclosure, copying, use, or distribution of the information included in this message and any attachments is prohibited. If you have received this communication in error, please notify us by reply e-mail and immediately and permanently delete this message and any attachments. Thank you."
> 
> American Express a ajout? le commentaire suivant le Ce courrier et toute pi?ce jointe qu'il contient sont r?serv?s au seul destinataire indiqu? et peuvent renfermer des 
> renseignements confidentiels et privil?gi?s. Si vous n'?tes pas le destinataire pr?vu, toute divulgation, duplication, utilisation ou distribution du courrier ou de toute pi?ce jointe est interdite. Si vous avez re?u cette communication par erreur, veuillez nous en aviser par courrier et d?truire imm?diatement le courrier et les pi?ces jointes. Merci.
> 
> ******************************************************************************

> _______________________________________________
> Owasp-modsecurity-core-rule-set mailing list
> Owasp-modsecurity-core-rule-set at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-modsecurity-core-rule-set


-- 
https://www.feistyduck.com/training/modsecurity-training-course
https://www.feistyduck.com/books/modsecurity-handbook/
mailto:christian.folini at netnea.com
twitter: @ChrFolini


More information about the Owasp-modsecurity-core-rule-set mailing list