WebApp Sec mailing list archives
Re: Apache mode_security
From: Ivan Ristic <ivan.ristic () gmail com>
Date: Wed, 16 Nov 2005 14:55:29 +0000
A collection of generic detection-only rules will be released on modsecurity.org some time next week. This collection will then be included with ModSecurity starting with 2.0. If you (or anyone else on the list, for that matter) want to evaluate the rules before their publication please send me a private email. I am looking for people running complex web applications able to provide raw logs or run ModSecurity in detection-only mode. The idea is to weed out the remaining false positives before the rule set hits the public. On 11/16/05, Serg Belokamen <serg.belokamen () gmail com> wrote:
I am look at mod_security module for Apache... looks interesting so far.
Can anyone point me in the right direction, URL perhaps, in regards to
regular expression list (if one exists) to detect common attacks over
HTTP (SQL injections, XSS, etc.)
Thanks,
Serg
-- Ivan Ristic Apache Security (O'Reilly) - http://www.apachesecurity.net Open source web application firewall - http://www.modsecurity.org
Current thread:
- Apache mode_security Serg Belokamen (Nov 16)
- Re: Apache mode_security Ivan Ristic (Nov 16)
- Re: Apache mode_security Stefano Di Paola (Nov 20)
- Re: Apache mode_security Ivan Ristic (Nov 25)
- Re: Apache mode_security Stefano Di Paola (Nov 26)
- Re: Apache mode_security Ivan Ristic (Nov 28)
- Re: Apache mode_security Stefano Di Paola (Dec 04)
- Re: Apache mode_security Stefano Di Paola (Nov 20)
- Re: Apache mode_security Ivan Ristic (Nov 16)
- <Possible follow-ups>
- RE: Apache mode_security Erez Schwarz (Nov 16)
- RE: Apache mode_security Serg B. (Nov 16)
- Re: Apache mode_security K K Mookhey (Nov 29)
- RE: Apache mode_security Serg B. (Nov 16)
- RE: Apache mode_security Ofer Shezaf (Nov 30)