[Owasp-modsecurity-core-rule-set] ModSecurity Rules - Windows server 2008 R2

Chaim Sanders CSanders at trustwave.com
Mon Feb 9 19:40:01 UTC 2015


Not being able to see your configuration, I am assuming that you do not have your ModSecurity instance in blocking mode. I suggest you check the SecRuleEngine configuration option (https://github.com/SpiderLabs/ModSecurity/wiki/Reference-Manual#SecRuleEngine) and also ensure that ModSecurity is working properly. Unless this is a very novel SQL injection attack (in which case we can amend the rules to detect it) it should be detected by ModSecurity. Try pasting your payload in our demo site to ensure it will be detected by stock CRS rules (http://modsecurity.org/crs-demo.html). Hope this helps!


Chaim Sanders
Security Researcher, SpiderLabs

Trustwave | SMART SECURITY ON DEMAND
www.trustwave.com<http://www.trustwave.com/>

From: owasp-modsecurity-core-rule-set-bounces at lists.owasp.org [mailto:owasp-modsecurity-core-rule-set-bounces at lists.owasp.org] On Behalf Of Reginal Laurent
Sent: Monday, February 9, 2015 3:23 AM
To: owasp-modsecurity-core-rule-set at lists.owasp.org
Subject: [Owasp-modsecurity-core-rule-set] ModSecurity Rules - Windows server 2008 R2

Hello,

I have a Windows Server 2008 R2 running Apache2 and PHP. ​I have configured Modsecurity for protection against Injection SQL or other attacks.
However, when i scanned vulnerabilities on my server, i still have Injection SQL vulnerabilities and other based attacks. Is it normal ? Could you help me ?

Thank you for feedback.

--

Cordialement,
-------------------------

Réginal LAURENT
Ingénieur Réseaux et Sécurité des SI
CCNA - ID: CSCO12321512
skype : laurent.reginal
Site perso : reginallaurent.info

________________________________

This transmission may contain information that is privileged, confidential, and/or exempt from disclosure under applicable law. If you are not the intended recipient, you are hereby notified that any disclosure, copying, distribution, or use of the information contained herein (including any reliance thereon) is strictly prohibited. If you received this transmission in error, please immediately contact the sender and destroy the material in its entirety, whether in electronic or hard copy format.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-modsecurity-core-rule-set/attachments/20150209/8a484f0b/attachment.html>


More information about the Owasp-modsecurity-core-rule-set mailing list