[Owasp-modsecurity-core-rule-set] ModSecurity Rules - Windows server 2008 R2
CSanders at trustwave.com
Mon Feb 9 19:40:01 UTC 2015
Not being able to see your configuration, I am assuming that you do not have your ModSecurity instance in blocking mode. I suggest you check the SecRuleEngine configuration option (https://github.com/SpiderLabs/ModSecurity/wiki/Reference-Manual#SecRuleEngine) and also ensure that ModSecurity is working properly. Unless this is a very novel SQL injection attack (in which case we can amend the rules to detect it) it should be detected by ModSecurity. Try pasting your payload in our demo site to ensure it will be detected by stock CRS rules (http://modsecurity.org/crs-demo.html). Hope this helps!
Security Researcher, SpiderLabs
Trustwave | SMART SECURITY ON DEMAND
From: owasp-modsecurity-core-rule-set-bounces at lists.owasp.org [mailto:owasp-modsecurity-core-rule-set-bounces at lists.owasp.org] On Behalf Of Reginal Laurent
Sent: Monday, February 9, 2015 3:23 AM
To: owasp-modsecurity-core-rule-set at lists.owasp.org
Subject: [Owasp-modsecurity-core-rule-set] ModSecurity Rules - Windows server 2008 R2
I have a Windows Server 2008 R2 running Apache2 and PHP. I have configured Modsecurity for protection against Injection SQL or other attacks.
However, when i scanned vulnerabilities on my server, i still have Injection SQL vulnerabilities and other based attacks. Is it normal ? Could you help me ?
Thank you for feedback.
Ingénieur Réseaux et Sécurité des SI
CCNA - ID: CSCO12321512
skype : laurent.reginal
Site perso : reginallaurent.info
This transmission may contain information that is privileged, confidential, and/or exempt from disclosure under applicable law. If you are not the intended recipient, you are hereby notified that any disclosure, copying, distribution, or use of the information contained herein (including any reliance thereon) is strictly prohibited. If you received this transmission in error, please immediately contact the sender and destroy the material in its entirety, whether in electronic or hard copy format.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Owasp-modsecurity-core-rule-set