There is a spare time activity which I enjoy in off hours. I go to reddit or twitter or some other site where web attack ideas are traded. I look for new exploits or evasions and try and run them against a local webserver to see if the OWASP ModSecurity Core Rules would block the […]
This is one for the pen-testers. We all know it’s fairly simple to fingerprint a webserver and fingerprinting a web application firewall like ModSecurity is probably even easier. It takes a bit of knowledge though and if you want to drill down on the ruleset, you should now the ruleset a bit. So here is […]
The ModSecurity Web Application Firewall is hard. It’s a complex piece of software with a complicated configuration language. There are rough edges and if you happen to run the OWASP ModSecurity Core Rules, then you are likely to get more false alarms, than you are prepared for. There is Ivan Ristić’s ModSecurity Handbook which serves […]
Since a very long time, the rsyslog documentation mentions a lookup table feature, but as a proposal only. However, it is fully implemented as of version 8.18.0 and should become official “very soon”. On top of this, there is a bug in the documentation so the page explaining the actual implementation is not linked from […]
Truth be told, ModSecurity does not have a random function. If we need random numbers, we need to get them ourselves. Josh Zlatin has shown how you can do this with lua. If we do not want to use lua, we are left on your own devices. I am not in need of cryptographically secure […]