This is what I recommend in these cases -

1. Create a positive security/input validation check against the parameter that is causing the false positive. In this case it is the "code" parameter. If it matches the expected input format, then move to step 2.
2. Then use the "ctl:ruleRemoveTargetById" action to conditionally remove ARGS:code from inspection for rule 981173.

The rule would look something like this (not tested):

SecRule ARGS:code "@rx ^[a-zA-Z0-9\-_]+$" "phase:request,id:12345,nolog,pass,ctl:ruleRemoveTargetById=981173;ARGS:code"

Place this rule in a modsecurity_crs_00_custom.conf file so that it runs BEFORE the normal CRS rules. In general, this approach is more secure than just simply removing a variable from inspection when you encounter a false positive.

-Ryan

From: Ilyass Kaouam <ilyassi...@gmail.com>
Reply-To: <ilyassi...@gmail.com>
Date: Friday, June 27, 2014 11:21 AM
To: Jamie Riden <jamie.ri...@gmail.com>
Cc: "owasp-modsecurity-core-rule-set@lists.owasp.org" <owasp-modsecurity-core-rule-set@lists.owasp.org>
Subject: Re: [Owasp-modsecurity-core-rule-set] Problème with False Positives

> Hi > > Thank you that work excellent :) :) > > Now when i try connect with Facebook It's block 'false positive' > > log: > --be2b2979-H-- > > Message: Access denied with code 403 (phase 2). Pattern match > "([\\~\\!\\@\\#\\$\\%\\^\\&\\*\\(\\)\\-\\+\\=\\{\\}\\[\\]\\|\\:\\;\"\\'\\\xc2\ > xb4\\\xe2\x80\x99\\\xe2\x80\x98\\`\\<\\>].*?){4,}" at ARGS:code. 
[file > "/etc/httpd/modsecurity-crs/base_rules/modsecurity_crs_41_sql_injection_attack > s.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character > Anomaly Detection Alert - Total # of special characters exceeded"] [data > "Matched Data: - found within ARGS:code: > AQAZzUllyzvnMFeI1YdJ7btTKpmdrAZ3VS-n5iyorHDhHpSzG6gpoRuEnzi9nNpX4RY8XP1O8W3WOe > a-4NjU0r4S1QkiCKwpCea-smSIVe2WxCTEIu4eN7S4YVSENbyes9tTF_dt890NN64DhShsI72t5fus > quL_iK7SIfEo03eaYNxIIn0IGAyY0l2IMUusVd24RFBiPKowLjRJrXC4NL02Ine0VJU0Nm57anPrK6 > gsuzMZG41hHbtWiqsyPtRusewjOOUmTMk0OTrXtm67sOUpCW7emT5gUsGKPlJy_efQ-Q5QTgpl0xcw > Offuu4ATeBA"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "8"] [tag > "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] > > Action: Intercepted (phase 2) > > Apache-Handler: proxy-server > > Stopwatch: 1403881875314702 2150 (- - -) > > Stopwatch2: 1403881875314702 2150; combined=1886, p1=90, p2=1793, p3=0, p4=0, > p5=3, sr=26, sw=0, l=0, gc=0 > > Response-Body-Transformed: Dechunked > > Producer: ModSecurity for Apache/2.7.3 (http://www.modsecurity.org/); > OWASP_CRS/2.2.9. <http://2.2.9.> > > Server: Apache > > Engine-Mode: "ENABLED" > > > I can use > SecRuleUpdateTargetById 960024 !ARGS:/^code/ > > OR it's dangerous ? > > > > > 2014-06-27 16:08 GMT+01:00 Jamie Riden <jamie.ri...@gmail.com>: >> Would >> >> SecRuleUpdateTargetById 960024 !ARGS:/^telfaxmailweb/ >> >> be better in this instance? (ie. anchor the start of line.) >> >> cheers, >> Jamie >> >> On 27 June 2014 15:57, Josh Amishav-Zlatin <jam...@owasp.org> wrote: >>> > On Fri, Jun 27, 2014 at 5:41 PM, Ilyass Kaouam <ilyassi...@gmail.com> >>> wrote: >>>> >> >>>> >> hi thank you for your replay >>>> >> BUT the problem is that the number telfaxmailweb_1_171833 / >>>> >> telfaxmailweb_1_142609 .... changes (non-static). 
>>>> >> have you an idea >>>> >> >>> > >>> > Hi Ilyass, >>> > >>> > Try using a regex in your exception, e.g.: >>> > SecRuleUpdateTargetById 960024 !ARGS:/telfaxmailweb/ >>> > >>> > -- >>> > - Josh >>> > >>>> >> >>>> >> thank you >>>> >> >>>> >> >>>> >> 2014-06-27 8:04 GMT+01:00 Josh Amishav-Zlatin <jam...@owasp.org>: >>>> >> >>>>> >>> On Thu, Jun 26, 2014 at 5:43 PM, Ilyass Kaouam <ilyassi...@gmail.com> >>>>> >>> wrote: >>>>>> >>>> >>>>>> >>>> Hi Josh. >>>>>> >>>> >>>>>> >>>> It's work very good thank you :) :) :) >>>>>> >>>> >>>>>> >>>> I have another block :( please help me >>>>> >>> >>>>> >>> >>>>> >>> Hi Ilyass, >>>>> >>> >>>>> >>> In this case there is a hyphen in the telfaxmailweb_1_171833 parameter >>>>> >>> value. Try using the SecRuleUpdateTargetById directive, e.g. >>>>> >>> SecRuleUpdateTargetById 960024 !ARGS:telfaxmailweb_1_171833 >>>>> >>> >>>>> >>> For details see: >>>>> >>> >>>>> >>> >>>>> http://blog.spiderlabs.com/2011/08/modsecurity-advanced-topic-of-the-week- >>>>> exception-handling.html >>>>> >>> >>>>> >>> -- >>>>> >>> - Josh >>>>> >>> >>>>>> >>>> >>>>>> >>>> log: >>>>>> >>>> >>>>>> >>>> >>>>>> >>>> >>>>>> >>>> --9b18757a-A-- >>>>>> >>>> >>>>>> >>>> [26/Jun/2014:16:35:15 +0200] U6wvo38AAAEAAFCgA4AAAAAK >>>>>> >>>> >>>>>> >>>> --9b18757a-B-- >>>>>> >>>> >>>>>> >>>> POST /beta/societe-contribEnt HTTP/1.1 >>>>>> >>>> >>>>>> >>>> Host: www. >>>>>> >>>> >>>>>> >>>> xxxx >>>>>> >>>> . >>>>>> >>>> xxx >>>>>> >>>> >>>>>> >>>> User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.9; rv:30.0) >>>>>> >>>> Gecko/20100101 Firefox/30.0 >>>>>> >>>> >>>>>> >>>> Accept: */* >>>>>> >>>> >>>>>> >>>> Accept-Language: fr,fr-fr;q=0.8,en-us;q=0.5,en;q=0.3 >>>>>> >>>> >>>>>> >>>> Accept-Encoding: gzip, deflate >>>>>> >>>> >>>>>> >>>> Content-Type: application/x-www-form-urlencoded; charset=UTF-8 >>>>>> >>>> >>>>>> >>>> X-Requested-With: XMLHttpRequest >>>>>> >>>> >>>>>> >>>> Referer: http://www. 
>>>>>> >>>> >>>>>> >>>> xxxx >>>>>> >>>> .ma/beta/ >>>>>> >>>> xxxxx >>>>>> >>>> ?action=edit >>>>>> >>>> >>>>>> >>>> Content-Length: 1735 >>>>>> >>>> >>>>>> >>>> Cookie: JSESSIONID=2A3D8D47FE45427E1AAFC69A2FA48F7B; >>>>>> >>>> __utma=111125463.1234468951.1403792976.1403792976.1403792976.1; >>>>>> >>>> __utmb=111125463.7.10.1403792976; __utmc=111125463; >>>>>> >>>> >>>>>> __utmz=111125463.1403792976.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none) >>>>>> >>>> >>>>>> >>>> Connection: keep-alive >>>>>> >>>> >>>>>> >>>> Pragma: no-cache >>>>>> >>>> >>>>>> >>>> Cache-Control: no-cache >>>>>> >>>> >>>>>> >>>> >>>>>> >>>> --9b18757a-C-- >>>>>> >>>> >>>>>> >>>> >>>>>> >>>> >>>>>> codeAction=1&entid=151549&bilid=148614&idMkt=1628&denomination=INFORISK&d >>>>>> enomination_dirty=&entrc=135529&entrc_dirty=&tribunal=12&tribunal_dirty=& >>>>>> fmj=Soci%C3%A9t%C3%A9+Anonyme&fmj_dirty=&capital=12+650+000+Dirhams&capit >>>>>> al_dirty=&adresse=43%2C+Boulevard+D'anfa&adresse_dirty=&ville=1488&ville_ >>>>>> dirty=&activite=+Collecte%2C+traitement+et+vente+des+informations+financi >>>>>> %C3%A8res%2C+l%C3%A9gales+et+commerciales&activite_dirty=&effectif_dirty= >>>>>> &effectif=30&segmentEffectif_dirty=&segmentEffectif=2&effectifCadre_dirty >>>>>> =&effectifCadre=0&telfaxmailweb_1_171833_dirty=&telfaxmailweb_1_171833=05 >>>>>> -22-27-64-10&telfaxmailweb_1_142609_dirty=&telfaxmailweb_1_142609=05-22-4 >>>>>> 2-90-87&telfaxmailweb_1_0_2_dirty=&telfaxmailweb_1_0_2=__-__-__-__-__&tel >>>>>> faxmailweb_1_0_3_dirty=&telfaxmailweb_1_0_3=__-__-__-__-__&telfaxmailweb_ >>>>>> 2_142611_dirty=&telfaxmailweb_2_142611=05-22-27-64-16&telfaxmailweb_2_0_1 >>>>>> _dirty=&telfaxmailweb_2_0_1=__-__-__-__-__&telfaxmailweb_2_0_2_dirty=&tel >>>>>> faxmailweb_2_0_2=__-__-__-__-__&telfaxmailweb_2_0_3_dirty=&telfaxmailweb_ >>>>>> 2_0_3=__-__-__-__-__&telfaxmailweb_3_142612_dirty=&telfaxmailweb_3_142612 >>>>>> =info%40inforisk.ma <http://40inforisk.ma> >>>>>> 
&telfaxmailweb_3_0_1_dirty=&telfaxmailweb_3_0_1=&telfaxmailweb_3_0_2_dirt >>>>>> y=&telfaxmailweb_3_0_2=&telfaxmailweb_3_0_3_dirty=&telfaxmailweb_3_0_3=&t >>>>>> elfaxmailweb_4_142608_dirty=&telfaxmailweb_4_142608=www.inforisk.ma >>>>>> <http://www.inforisk.ma> >>>>>> &telfaxmailweb_4_0_1_dirty=&telfaxmailweb_4_0_1=&telfaxmailweb_4_0_2_dirt >>>>>> y=&telfaxmailweb_4_0_2=&telfaxmailweb_4_0_3_dirty=&telfaxmailweb_4_0_3=&i >>>>>> dMktRefTypeContact_31241_dirty=&idMktRefTypeContact_31241=1&nom_31241=Ayo >>>>>> uch&nom_31241_dirty=&prenom_31241=Khalid&prenom_31241_dirty=&tel_31241=__ >>>>>> -__-__-__-__&tel_31241_dirty=&email_31241=test%40gmail.com >>>>>> <http://40gmail.com> >>>>>> &email_31241_dirty=1&contact_31241=1&contact_31241_dirty=1 >>>>>> >>>> >>>>>> >>>> --9b18757a-F-- >>>>>> >>>> >>>>>> >>>> HTTP/1.1 403 Forbidden >>>>>> >>>> >>>>>> >>>> Content-Length: 225 >>>>>> >>>> >>>>>> >>>> Connection: close >>>>>> >>>> >>>>>> >>>> Content-Type: text/html; charset=iso-8859-1 >>>>>> >>>> >>>>>> >>>> >>>>>> >>>> --9b18757a-E-- >>>>>> >>>> >>>>>> >>>> >>>>>> >>>> --9b18757a-H-- >>>>>> >>>> >>>>>> >>>> Message: Access denied with code 403 (phase 2). Pattern match >>>>>> >>>> >>>>>> "([\\~\\!\\@\\#\\$\\%\\^\\&\\*\\(\\)\\-\\+\\=\\{\\}\\[\\]\\|\\:\\;\"\\'\\ >>>>>> \xc2\xb4\\\xe2\x80\x99\\\xe2\x80\x98\\`\\<\\>].*?){4,}" >>>>>> >>>> at ARGS:telfaxmailweb_1_171833. 
[file >>>>>> >>>> >>>>>> "/etc/httpd/modsecurity-crs/base_rules/modsecurity_crs_41_sql_injection_a >>>>>> ttacks.conf"] >>>>>> >>>> [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character >>>>>> Anomaly >>>>>> >>>> Detection Alert - Total # of special characters exceeded"] [data >>>>>> "Matched >>>>>> >>>> Data: - found within ARGS:telfaxmailweb_1_171833: 05-22-27-64-10"] [ver >>>>>> >>>> "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "8"] [tag >>>>>> >>>> "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] >>>>>> >>>> >>>>>> >>>> Action: Intercepted (phase 2) >>>>>> >>>> >>>>>> >>>> Apache-Handler: proxy-server >>>>>> >>>> >>>>>> >>>> Stopwatch: 1403793315275899 22265 (- - -) >>>>>> >>>> >>>>>> >>>> Stopwatch2: 1403793315275899 22265; combined=9584, p1=187, p2=9377, >>>>>> >>>> p3=0, p4=0, p5=20, sr=28, sw=0, l=0, gc=0 >>>>>> >>>> >>>>>> >>>> Response-Body-Transformed: Dechunked >>>>>> >>>> >>>>>> >>>> Producer: ModSecurity for Apache/2.7.3 >>>>>> (http://www.modsecurity.org/); >>>>>> >>>> OWASP_CRS/2.2.9. <http://2.2.9.> >>>>>> >>>> >>>>>> >>>> Server: Apache >>>>>> >>>> >>>>>> >>>> Engine-Mode: "ENABLED" >>>>>> >>>> >>>>>> >>>> >>>>>> >>>> --9b18757a-Z-- >>>>>> >>>> >>>>>> >>>> >>>>>> >>>> >>>>>> >>>> >>>>>> >>>> >>>>>> >>>> 2014-06-26 13:44 GMT+01:00 Josh Amishav-Zlatin <jam...@owasp.org>: >>>>>> >>>> >>>>>>> >>>>> On Thu, Jun 26, 2014 at 3:19 PM, Ilyass Kaouam >>>>>>> <ilyassi...@gmail.com> >>>>>>> >>>>> wrote: >>>>>>>> >>>>>> >>>>>>>> >>>>>> Hi guys. >>>>>>>> >>>>>> >>>>>>>> >>>>>> I not understand why modsecurity blocking my request with the >>>>>>>> >>>>>> character "à" in french. >>>>>>>> >>>>>> log: >>>>>>> >>>>> >>>>>>> >>>>> >>>>>>> >>>>> Hi Ilyass, >>>>>>> >>>>> >>>>>>> >>>>> Take a look at the SecUnicodeCodePage and SecUnicodeMapFile >>>>>>> directives. 
>>>>>>> >>>>> For more information see: >>>>>>> >>>>> >>>>>>> >>>>> http://blog.spiderlabs.com/2012/08/waf-normalization-and-i18n.html >>>>>>> >>>>> >>>>>>> >>>>> -- >>>>>>> >>>>> - Josh >>>>>>> >>>>> >>>>>>> >>>>> >>>>>>> >>>>> >>>>>>> >>>>> >>>>>>>> >>>>>> >>>>>>>> >>>>>> >>>>>>>> >>>>>> --169a1612-A-- >>>>>>>> >>>>>> >>>>>>>> >>>>>> [26/Jun/2014:11:48:57 +0200] U6vsiX8AAAEAAEkNI7cAAAAQ >>>>>>>> >>>>>> >>>>>>>> >>>>>> --169a1612-B-- >>>>>>>> >>>>>> >>>>>>>> >>>>>> POST /beta/societe-xxxxxr HTTP/1.1 >>>>>>>> >>>>>> >>>>>>>> >>>>>> Host: www.xxxx.xx >>>>>>>> >>>>>> >>>>>>>> >>>>>> User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64; rv:30.0) >>>>>>>> >>>>>> Gecko/20100101 Firefox/30.0 >>>>>>>> >>>>>> >>>>>>>> >>>>>> Accept: */* >>>>>>>> >>>>>> >>>>>>>> >>>>>> Accept-Language: fr,fr-fr;q=0.8,en-us;q=0.5,en;q=0.3 >>>>>>>> >>>>>> >>>>>>>> >>>>>> Accept-Encoding: gzip, deflate >>>>>>>> >>>>>> >>>>>>>> >>>>>> Content-Type: application/x-www-form-urlencoded; charset=UTF-8 >>>>>>>> >>>>>> >>>>>>>> >>>>>> X-Requested-With: XMLHttpRequest >>>>>>>> >>>>>> >>>>>>>> >>>>>> Referer: http://www.xxx.xxx/beta/societe-xxxx >>>>>>>> >>>>>> >>>>>>>> >>>>>> Content-Length: 760 >>>>>>>> >>>>>> >>>>>>>> >>>>>> Cookie: JSESSIONID=DC9410B3998A7E973EDBA0ED638F5B40; >>>>>>>> >>>>>> __utma=111125463.1374472637.1403014671.1403719512.1403772965.34; >>>>>>>> >>>>>> >>>>>>>> __utmz=111125463.1403435014.17.3.utmcsr=google|utmccn=(organic)|utmcmd= >>>>>>>> organic|utmctr=(not%20provided); >>>>>>>> >>>>>> __utmb=111125463.24.10.1403772965; __utmc=111125463; >>>>>>>> >>>>>> JSESSIONID=EB7E51CFBA0B811E9335731DA6A26A08 >>>>>>>> >>>>>> >>>>>>>> >>>>>> Connection: keep-alive >>>>>>>> >>>>>> >>>>>>>> >>>>>> Pragma: no-cache >>>>>>>> >>>>>> >>>>>>>> >>>>>> Cache-Control: no-cache >>>>>>>> >>>>>> >>>>>>>> >>>>>> >>>>>>>> >>>>>> --169a1612-C-- >>>>>>>> >>>>>> >>>>>>>> >>>>>> >>>>>>>> >>>>>> >>>>>>>> codeAction=1&entid=367928&bilid=321761&idMkt=672&denomination=&capital= >>>>>>>> 
10+000+&activite=PRODUCTION+DES+FILMS+CINEMATOGRAPHIQUES+ET+AUDIOVISEUL >>>>>>>> &effectif=0&effectifCadre=0&segmentEffectif=1&dateContribution=17%2F08% >>>>>>>> 2F13+%C3%A0+15%3A41&loginUser=nabilchant%40hotmail.fr >>>>>>>> <http://40hotmail.fr> &emailUser=nabilchant%40hotmail.fr >>>>>>>> <http://40hotmail.fr> >>>>>>>> &id=672&denomination_validator=&rc_validator=&tribunal_validator=&fmj_v >>>>>>>> alidator=&capital_validator=&adresse_validator=&ville_validator=&activi >>>>>>>> te_validator=&effectif_validator=&segmentEffectif_validator=&effectifCa >>>>>>>> dre_validator=&telfaxmailweb_734=on&telfaxmailweb_734_validator=1&data_ >>>>>>>> 734=0610357910&type_734=1&idMktTelfaxmailweb_734=0&telfaxmailweb_735=on >>>>>>>> &telfaxmailweb_735_validator=1&data_735=0633327850&type_735=1&idMktTelf >>>>>>>> axmailweb_735=0&statut=1&remarque= >>>>>>>> >>>>>> >>>>>>>> >>>>>> --169a1612-F-- >>>>>>>> >>>>>> >>>>>>>> >>>>>> HTTP/1.1 403 Forbidden >>>>>>>> >>>>>> >>>>>>>> >>>>>> Content-Length: 245 >>>>>>>> >>>>>> >>>>>>>> >>>>>> Connection: close >>>>>>>> >>>>>> >>>>>>>> >>>>>> Content-Type: text/html; charset=iso-8859-1 >>>>>>>> >>>>>> >>>>>>>> >>>>>> >>>>>>>> >>>>>> --169a1612-E-- >>>>>>>> >>>>>> >>>>>>>> >>>>>> >>>>>>>> >>>>>> --169a1612-H-- >>>>>>>> >>>>>> >>>>>>>> >>>>>> Message: Access denied with code 403 (phase 2). Pattern match >>>>>>>> >>>>>> "\\W{4,}" at ARGS:dateContribution. 
[file >>>>>>>> >>>>>> >>>>>>>> "/etc/httpd/modsecurity-crs/base_rules/modsecurity_crs_40_generic_attac >>>>>>>> ks.conf"] >>>>>>>> >>>>>> [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly >>>>>>>> Detection >>>>>>>> >>>>>> Alert - Repetative Non-Word Characters"] [data "Matched Data: >>>>>>>> \xc3\xa0 >>>>>>>> >>>>>> found within ARGS:dateContribution: 17/08/13 \xc3\xa0 15:41"] [ver >>>>>>>> >>>>>> "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "8"] >>>>>>>> >>>>>> >>>>>>>> >>>>>> Action: Intercepted (phase 2) >>>>>>>> >>>>>> >>>>>>>> >>>>>> Apache-Handler: proxy-server >>>>>>>> >>>>>> >>>>>>>> >>>>>> Stopwatch: 1403776137380257 11043 (- - -) >>>>>>>> >>>>>> >>>>>>>> >>>>>> Stopwatch2: 1403776137380257 11043; combined=642, p1=224, >>>>>>>> p2=399, >>>>>>>> >>>>>> p3=0, p4=0, p5=19, sr=37, sw=0, l=0, gc=0 >>>>>>>> >>>>>> >>>>>>>> >>>>>> Response-Body-Transformed: Dechunked >>>>>>>> >>>>>> >>>>>>>> >>>>>> Producer: ModSecurity for Apache/2.7.3 >>>>>>>> (http://www.modsecurity.org/); >>>>>>>> >>>>>> OWASP_CRS/2.2.9. <http://2.2.9.> >>>>>>>> >>>>>> >>>>>>>> >>>>>> Server: Apache >>>>>>>> >>>>>> >>>>>>>> >>>>>> Engine-Mode: "ENABLED" >>>>>>>> >>>>>> >>>>>>>> >>>>>> >>>>>>>> >>>>>> --169a1612-Z-- >>>>>>>> >>>>>> >>>>>>>> >>>>>> >>>>>>>> >>>>>> how to allow these types of characters. >>>>>>>> >>>>>> >>>>>>>> >>>>>> thank you. 
>>>>>>>> >>>>>> >>>>>>>> >>>>>> >>>>>>>> >>>>>> >>>>>>>> >>>>>> >>>>>>>> >>>>>> >>>>>>>> >>>>>> >>>>>>>> >>>>>> >>>>>>>> >>>>>> >>>>>>>> >>>>>> _______________________________________________ >>>>>>>> >>>>>> Owasp-modsecurity-core-rule-set mailing list >>>>>>>> >>>>>> Owasp-modsecurity-core-rule-set@lists.owasp.org >>>>>>>> >>>>>> >>>>>>>> >>>>>> >>>>>>>> https://lists.owasp.org/mailman/listinfo/owasp-modsecurity-core-rule-set >>>>>>>> >>>>>> >>>>>>> >>>>> >>>>>> >>>> >>>>>> >>>> >>>>>> >>>> >>>>>> >>>> -- >>>>>> >>>> Ilyass kaouam >>>>>> >>>> Systems administrator at Inforisk Group Finaccess >>>>>> >>>> European Masters in Information Technology >>>>>> >>>> Portable : (212) 6 34 57 14 36 >>>>>> >>>> http://www.inforisk.ma >>>>> >>> >>>>> >>> >>>> >> >>>> >> >>>> >> >>>> >> -- >>>> >> Ilyass kaouam >>>> >> Systems administrator at Inforisk Group Finaccess >>>> >> European Masters in Information Technology >>>> >> Portable : (212) 6 34 57 14 36 >>>> >> http://www.inforisk.ma >>> > >>> > >>> > >>> > _______________________________________________ >>> > Owasp-modsecurity-core-rule-set mailing list >>> > Owasp-modsecurity-core-rule-set@lists.owasp.org >>> > https://lists.owasp.org/mailman/listinfo/owasp-modsecurity-core-rule-set >>> > >> >> >> >> -- >> Jamie Riden / ja...@honeynet.org / jamie.ri...@gmail.com >> http://uk.linkedin.com/in/jamieriden > > > > -- > Ilyass kaouam > Systems administrator at Inforisk Group Finaccess > European Masters in Information Technology > Portable : (212) 6 34 57 14 36 > http://www.inforisk.ma <http://www.inforisk.ma> > _______________________________________________ > Owasp-modsecurity-core-rule-set mailing list > Owasp-modsecurity-core-rule-set@lists.owasp.org > https://lists.owasp.org/mailman/listinfo/owasp-modsecurity-core-rule-set
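The two-step recommendation at the top of this thread (validate ARGS:code against an allow-list, then remove it from rule 981173 only when it passes) can be modeled offline. This is an added example, not code from the thread's participants or from the CRS project. The rule pattern is copied from the audit log above, the sample values are constructed, and `flagged_args` is a hypothetical helper. It also shows why the letter range in the allow-list must be `A-Z` rather than `A-z`.

```python
import re

# Character class and {4,} threshold of CRS rule 981173, taken from the audit
# log in this thread (its three UTF-8 quote characters written as \u escapes).
RULE_981173 = re.compile(
    r"""([~!@#$%^&*()\-+={}\[\]|:;"'\u00b4\u2019\u2018`<>].*?){4,}""")

# Allow-list for ARGS:code. A-Z is the intended range; A-z spans ASCII 65-122
# and therefore also admits [ \ ] ^ and the backtick.
STRICT = re.compile(r"^[a-zA-Z0-9\-_]+$")
LOOSE = re.compile(r"^[a-zA-z0-9\-_]+$")

# Constructed sample values (not taken from any real request).
TOKEN = "AQB-x1_y2-z3-Qw-9"     # token-shaped, four hyphens
TAMPERED = "x';--(=)"           # special characters outside the allow-list
BRACKETS = "a[b]c^d`e"          # passes only the A-z variant


def flagged_args(args, conditional=True, validator=STRICT):
    """Return the argument names rule 981173 would flag (hypothetical helper).

    conditional=True models rule 12345: ARGS:code leaves the rule's target
    list only when its value matches the allow-list.
    conditional=False models an unconditional exclusion of ARGS:code.
    """
    code_ok = bool(validator.search(args.get("code", "")))
    skip_code = code_ok or not conditional
    return [name for name, value in args.items()
            if not (name == "code" and skip_code)
            and RULE_981173.search(value)]


if __name__ == "__main__":
    cases = [
        ("token, no exception", RULE_981173.search(TOKEN) is not None),
        ("token, conditional", flagged_args({"code": TOKEN})),
        ("tampered, conditional", flagged_args({"code": TAMPERED})),
        ("tampered, unconditional", flagged_args({"code": TAMPERED}, False)),
        ("brackets, A-z validator", flagged_args({"code": BRACKETS}, True, LOOSE)),
        ("brackets, A-Z validator", flagged_args({"code": BRACKETS})),
    ]
    for label, result in cases:
        print(f"{label:26} -> {result}")
```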