Core ModSecurity Rule Set ver.1.5
Core ModSecurity Rule Set ver.1.5, Copyright (C) 2006-2007 Breach Security Inc.

This directory contains the files for Core ModSecurity Rule Set. The rules are compatible with ModSecurity 2.5 (as of version 1.4.3).

ModSecurity™ is an open source, free web application firewall (WAF) Apache module. It provides protection from a range of attacks against web applications and allows for HTTP traffic monitoring and real-time analysis with little or no changes to existing infrastructure.

Web servers are typically well-equipped to log traffic in a form useful for marketing analyses, but fall short when logging traffic to web applications. In particular, most are not capable of logging the request bodies. Your adversaries know this, and that is why most attacks are now carried out via POST requests, rendering your systems blind. ModSecurity makes full HTTP transaction logging possible, allowing complete requests and responses to be logged.

In addition to providing logging facilities, ModSecurity can monitor the HTTP traffic in real time in order to detect attacks. In this case, ModSecurity operates as a web intrusion detection tool, allowing you to react to suspicious events that take place at your web systems.

Using ModSecurity requires rules. In order to enable users to take full advantage of ModSecurity immediately, Breach Security Inc. is providing a free Core rule set. Keep in mind that a predefined rule set is only part of the work required to protect your web site. You may also consider writing custom rules to provide a positive security envelope for your application or critical parts of it. The Core Rule Set is heavily commented to allow it to be used as a step-by-step deployment guide for ModSecurity.
Configuration files:

- modsecurity_crs_10_config.conf (defines which parts of the HTTP transaction to inspect)
- modsecurity_crs_20_protocol_violations.conf (in some cases a valid client, usually automated, generates requests that violate the HTTP protocol. Create exceptions for those clients)
- modsecurity_crs_21_protocol_anomalies.conf (a part of the preview set)
- modsecurity_crs_23_request_limits.conf (this file creates limitations on the request: for example, a request with 400 arguments can be suspicious)
- modsecurity_crs_30_http_policy.conf (few applications require the breadth and depth of the HTTP protocol. On the other hand, many attacks abuse valid but rare HTTP use patterns)
- modsecurity_crs_35_bad_robots.conf (bad robots detection should not be viewed as a security mechanism against targeted attacks but rather as a nuisance reduction, eliminating most of the random attacks against your web site)
- modsecurity_crs_40_generic_attacks.conf (while some of the pattern groups, such as command injection, are usually free of false positives, other pattern groups, such as SQL injection and XSS, may require setting exceptions)
- modsecurity_crs_45_trojans.conf (detects access to known Trojans already installed on a server)
- modsecurity_crs_50_outbound.conf (a non-standard use of the 501 status code, which normally refers to unsupported HTTP methods. It is used in order to confuse automated clients and scanners)