To debug HTTP requests, it may be useful to capture traffic and look at the packets that are sent back and forth between the client and the server. This is trivial when HTTP requests are sent over an unencrypted channel. In this case it is easy enough to use a tool like tcpdump to capture […]
The ModSecurity / OWASP Core Rule Set tutorials here at netnea.com are visited by over 8,000 times a month. With many of the unique visitors, the auxiliary script modsec-rulereport.rb is a favorite. The tool allows you to generate rule exclusions based on a ModSecurity rule alert message. Today, I’m presenting you a new version of […]
Running ModSecurity CRS for the first time on an existing service is like a jump into murky water.
With the sampling mode you can run CRS on a limited percentage of the traffic, which reduces the risk a big deal.
The phasing out of legacy encryption protocols like TLS 1.0 or the family of CBC encryption ciphers is a recurring necessity. This has been going on for many years. And it will only be a few years until TLS 1.2 should be retired in favor of its successor TLS 1.3. When disabling one of the […]
This is a blog post about a new script, that will execute a request in order trigger an arbitrary Core Rule Set anomaly score. The OWASP ModSecurity Core Rule Set (short CRS) is a scoring rule set with individual rules working together to assess an incoming request and assigning it an anomaly score. An administrator […]