[Owasp-modsecurity-core-rule-set] ModSecurity Rules - Windows server 2008 R2

Reginal Laurent reginal.laurent at gmail.com
Wed Feb 11 17:56:43 UTC 2015


Hello,


Thank you for your feedback. It was that, i did not have my ModSecurity
instance on ON. It was on DectectionOnly.

Now, i have another problem with sites running on Symphony 2. Do you have
specific rules for this framework ? A lot of links to web pages are not
available when ModSecurity intance is ON, when i change it to DetectionOnly
the web application is 100% available. Please, could you help with that ?
The errors regarding "SQL injection" are not true i think. And the
mentioned errors by ModSecurity are not so detailed.

Reginal



On Mon, Feb 9, 2015 at 8:40 PM, Chaim Sanders <CSanders at trustwave.com>
wrote:

>  Not being able to see your configuration, I am assuming that you do not
> have your ModSecurity instance in blocking mode. I suggest you check the
> SecRuleEngine configuration option (
> https://github.com/SpiderLabs/ModSecurity/wiki/Reference-Manual#SecRuleEngine)
> and also ensure that ModSecurity is working properly. Unless this is a very
> novel SQL injection attack (in which case we can amend the rules to detect
> it) it should be detected by ModSecurity. Try pasting your payload in our
> demo site to ensure it will be detected by stock CRS rules (
> http://modsecurity.org/crs-demo.html). Hope this helps!
>
>
>
>
>
> *Chaim Sanders    *
>
> Security Researcher, SpiderLabs
>
>
>
> *Trustwave* | SMART SECURITY ON DEMAND
>
> www.trustwave.com
>
>
>
> *From:* owasp-modsecurity-core-rule-set-bounces at lists.owasp.org [mailto:
> owasp-modsecurity-core-rule-set-bounces at lists.owasp.org] *On Behalf Of *Reginal
> Laurent
> *Sent:* Monday, February 9, 2015 3:23 AM
> *To:* owasp-modsecurity-core-rule-set at lists.owasp.org
> *Subject:* [Owasp-modsecurity-core-rule-set] ModSecurity Rules - Windows
> server 2008 R2
>
>
>
> Hello,
>
>
>
> I have a Windows Server 2008 R2 running Apache2 and PHP. ​I have
> configured Modsecurity for protection against Injection SQL or other
> attacks.
>
> However, when i scanned vulnerabilities on my server, i still have
> Injection SQL vulnerabilities and other based attacks. Is it normal ? Could
> you help me ?
>
>
>
> Thank you for feedback.
>
>
>
> --
>
> Cordialement,
>
> -------------------------
>
>
> Réginal LAURENT
> Ingénieur Réseaux et Sécurité des SI
> CCNA - ID: CSCO12321512
> skype : laurent.reginal
> Site perso : reginallaurent.info
>
> ------------------------------
>
> This transmission may contain information that is privileged,
> confidential, and/or exempt from disclosure under applicable law. If you
> are not the intended recipient, you are hereby notified that any
> disclosure, copying, distribution, or use of the information contained
> herein (including any reliance thereon) is strictly prohibited. If you
> received this transmission in error, please immediately contact the sender
> and destroy the material in its entirety, whether in electronic or hard
> copy format.
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-modsecurity-core-rule-set/attachments/20150211/92e9765f/attachment.html>


More information about the Owasp-modsecurity-core-rule-set mailing list