[Owasp-modsecurity-core-rule-set] Owasp-modsecurity-core-rule-set Digest, Vol 77, Issue 5

Chaim Sanders CSanders at trustwave.com
Tue Sep 15 17:47:31 UTC 2015


We are actually heavily using the feedback from cPanel in order to steer
changes to the 3.0 rule setŠ in conjunction with my previous email this
should kind of give you some insight. We are very thankful to cPanel for
helping us with this telemetry data.

On 9/15/15, 11:18 AM,
"owasp-modsecurity-core-rule-set-bounces at lists.owasp.org on behalf of
OtherData" <owasp-modsecurity-core-rule-set-bounces at lists.owasp.org on
behalf of info at otherdata.com> wrote:

>I am also interested in why the 2.2.9 rule set is still considered the
>latest rule set, and 3.0 is not.  The 3.0 ruleset appears to be now
>bundled
>with cPanel which is confusing as to why they would bundle it with cPanel
>if
>it is not stable.
>
>
>Wesley Render, Consultant
>http://scanmail.trustwave.com/?c=4062&d=ibz41bI2K9m7Ta3ev1ksnCpRdP9Fi1Gstr
>VdQ3EjKQ&s=5&u=http%3a%2f%2fwww%2eotherdata%2ecom
>
>
>-----Original Message-----
>From: owasp-modsecurity-core-rule-set-bounces at lists.owasp.org
>[mailto:owasp-modsecurity-core-rule-set-bounces at lists.owasp.org] On Behalf
>Of owasp-modsecurity-core-rule-set-request at lists.owasp.org
>Sent: September 15, 2015 6:00 AM
>To: owasp-modsecurity-core-rule-set at lists.owasp.org
>Subject: Owasp-modsecurity-core-rule-set Digest, Vol 77, Issue 5
>
>Send Owasp-modsecurity-core-rule-set mailing list submissions to
>       owasp-modsecurity-core-rule-set at lists.owasp.org
>
>To subscribe or unsubscribe via the World Wide Web, visit
>
>http://scanmail.trustwave.com/?c=4062&d=ibz41bI2K9m7Ta3ev1ksnCpRdP9Fi1Gstu
>QOSnFydg&s=5&u=https%3a%2f%2flists%2eowasp%2eorg%2fmailman%2flistinfo%2fow
>asp-modsecurity-core-rule-set
>
>or, via email, send a message with subject or body 'help' to
>       owasp-modsecurity-core-rule-set-request at lists.owasp.org
>
>You can reach the person managing the list at
>       owasp-modsecurity-core-rule-set-owner at lists.owasp.org
>
>When replying, please edit your Subject line so it is more specific than
>"Re: Contents of Owasp-modsecurity-core-rule-set digest..."
>
>
>Today's Topics:
>
>   1. Using 3.0 ruleset (kause lotski)
>   2. Re: Some XSS evasions posted (Christian Folini)
>
>
>----------------------------------------------------------------------
>
>Message: 1
>Date: Mon, 14 Sep 2015 18:19:38 +0000 (UTC)
>From: kause lotski <kauselot at yahoo.com>
>To: "owasp-modsecurity-core-rule-set at lists.owasp.org"
>       <owasp-modsecurity-core-rule-set at lists.owasp.org>
>Subject: [Owasp-modsecurity-core-rule-set] Using 3.0 ruleset
>Message-ID:
>       <1997255831.2489169.1442254778503.JavaMail.yahoo at mail.yahoo.com>
>Content-Type: text/plain; charset="utf-8"
>
>Hi,
>as it seems 3.0 greatly improves extended character sets in unicode
>handling
>(false positives due to this characters), I would like to give it a try.
>But
>as structure has totally changed INSTALL instructions aren't correct
>anymore
>in 3.0 branch, can someone give me a quick guide? is there any ETA for
>3.0 ?
>
>Regards,Kause
>-------------- next part --------------
>An HTML attachment was scrubbed...
>URL:
><http://scanmail.trustwave.com/?c=4062&d=ibz41bI2K9m7Ta3ev1ksnCpRdP9Fi1Gst
>ugORHByKw&s=5&u=http%3a%2f%2flists%2eowasp%2eorg%2fpipermail%2fowasp-modse
>curity-core-rule-set%2fattachment
>s/20150914/aa5ab53e/attachment-0001.html>
>
>------------------------------
>
>Message: 2
>Date: Tue, 15 Sep 2015 06:03:05 +0200
>From: Christian Folini <christian.folini at time-machine.ch>
>To: owasp-modsecurity-core-rule-set at lists.owasp.org
>Subject: Re: [Owasp-modsecurity-core-rule-set] Some XSS evasions
>       posted
>Message-ID: <20150915040305.GA18940 at elias>
>Content-Type: text/plain; charset=utf-8
>
>Good morning,
>
>What is funny about the paper is, that he lists contact with all the other
>vendors and how they reacted to his responsible disclosure, but this is
>missing for ModSec.
>
>Has there been no contact / no interest to patch in due time?
>
>Ahoj,
>
>Christian
>
>
>--
>It's easier to ask forgiveness, than it is to get permission.
>-- Radm Grace Hopper, aka Amazing Grace
>
>
>
>------------------------------
>
>_______________________________________________
>Owasp-modsecurity-core-rule-set mailing list
>Owasp-modsecurity-core-rule-set at lists.owasp.org
>http://scanmail.trustwave.com/?c=4062&d=ibz41bI2K9m7Ta3ev1ksnCpRdP9Fi1Gstu
>QOSnFydg&s=5&u=https%3a%2f%2flists%2eowasp%2eorg%2fmailman%2flistinfo%2fow
>asp-modsecurity-core-rule-set
>
>
>End of Owasp-modsecurity-core-rule-set Digest, Vol 77, Issue 5
>**************************************************************
>
>_______________________________________________
>Owasp-modsecurity-core-rule-set mailing list
>Owasp-modsecurity-core-rule-set at lists.owasp.org
>http://scanmail.trustwave.com/?c=4062&d=ibz41bI2K9m7Ta3ev1ksnCpRdP9Fi1Gstu
>QOSnFydg&s=5&u=https%3a%2f%2flists%2eowasp%2eorg%2fmailman%2flistinfo%2fow
>asp-modsecurity-core-rule-set


________________________________

This transmission may contain information that is privileged, confidential, and/or exempt from disclosure under applicable law. If you are not the intended recipient, you are hereby notified that any disclosure, copying, distribution, or use of the information contained herein (including any reliance thereon) is strictly prohibited. If you received this transmission in error, please immediately contact the sender and destroy the material in its entirety, whether in electronic or hard copy format.


More information about the Owasp-modsecurity-core-rule-set mailing list