On 28/01/2015 06:16, <owasp-modsecurity-core-rule-set-requ...@lists.owasp.org> wrote:
> Today's Topics:
>
> 1. Re: Legitimate traffic being blocked (Chaim Sanders)
> 2. Re: Legitimate traffic being blocked (Jacob Lear)
> 3. problem executing external bash script (Sabin Ranjit)
> 4. Re: problem executing external bash script (Sabin Ranjit)
>
>
> ----------------------------------------------------------------------
>
> Message: 1
> Date: Tue, 27 Jan 2015 15:56:49 +0000
> From: Chaim Sanders <csand...@trustwave.com>
> To: "owasp-modsecurity-core-rule-set@lists.owasp.org"
> <owasp-modsecurity-core-rule-set@lists.owasp.org>
> Subject: Re: [Owasp-modsecurity-core-rule-set] Legitimate traffic
> being blocked
> Message-ID:
> <f684bdd553baf1479f5380edad3be371f77...@skymb1.trustwave.com>
> Content-Type: text/plain; charset="iso-8859-1"
>
> Hello Jacob sorry for the slow response,
> Based on your log file it seems clear that you are using an outdated
> version of CRS. Updating may fix *some* of the false positives you are
> facing. Upon inspecting your log the following rules are being triggered:
> Detects concatenated basic SQL Injection and SQLLFI attempts
> Request from Known SPAM Source
> Restricted SQL Character anomaly detection alert
> SQL Injection Attack: SQL Operator Detected
> Request content type is not allowed by policy
> It is possible that some or all of these are false positives based on how
> the application is functioning.
> I suggest you follow the guidance set forth
> in the following blog post (
> http://blog.spiderlabs.com/2011/08/modsecurity-advanced-topic-of-the-week-exception-handling.html)
> in order to analyze these events. If you are having additional issues
> please be sure to reach out and we will try to address them as best as
> possible. Thanks!
>
>
> Chaim Sanders
> Security Researcher, SpiderLabs
>
> Trustwave | SMART SECURITY ON DEMAND
> www.trustwave.com
>
>
> -----Original Message-----
> From: Ryan Barnett
> Sent: Tuesday, January 27, 2015 10:04 AM
> To: Chaim Sanders
> Subject: FW: [Owasp-modsecurity-core-rule-set] Legitimate traffic being
> blocked
>
> On 1/23/15, 6:20 PM, "Jacob Lear" <ja...@fosterclub.com> wrote:
>
> >Hello,
> >
> >I am working on setting up better security for my Debian 6 server. I am
> >new to ModSecurity and OWASP Core Rules. The problem that I'm having is
> >that it is blocking legitimate traffic and I don't understand why or
> >how to fix it. Can somebody help me? Here is some pretty detailed
> >information about my environment and my problem.
> >
> >Apache2 is my webserver and it is installed from the Debian package.
> >The version is 2.2.16-6+squeeze14. I'm using the Worker MPM.
> >I installed ModSecurity from the Debian package. The version is:
> >2.5.12-1+squeeze4
> >Per the recommendation of an article I found online, I installed OWASP
> >2.2.5-0. I had initially tried the most recent version of OWASP but
> >this gave me errors (due to my version of ModSecurity).
> >I'm using PHP compiled from source, version 5.4.24.
> >I'm using PHP-FPM FastCGI.
> >I'm using MySQL 5.1.73-1+deb6u1.
> >I'm using Memcached 2.1.0.
> >ZendOpcode Cache 7.0.3 is installed.
> >Website is built using the Drupal CMS, version 7.28.
> >All non-SSL traffic is redirected to SSL.
> >
> >I had some troubles getting Apache2 to pass the configtest but I was
> >able to find the proper configuration changes needed via Google
> >searching.
> >I enabled all of the rules as per the INSTALL instructions
> >included in OWASP CRS. I also enabled the experimental Brute Force,
> >DOS, and Slow DOS rules (these don't appear to be causing any issues.)
> >
> >I set ModSecurity to "On" mode but quickly got complaints from our
> >staff being blocked by it. So now it is in "DetectionOnly" mode. I
> >looked in the AuditLog but didn't see anything helpful in there (just a
> >bunch of stuff about cookies -- perhaps because things in the 10 setup
> >file are set to nolog?). However, the Apache2 SSL Error log shows a lot
> >of information about the block attempts.
> >
> >Our staff users are connecting from the IP address 63.227.218.204, so I
> >filtered the SSL Error Log to dump all entries with that IP address to
> >a separate file. All of the warnings/errors in this log are legitimate
> >traffic. So I need help tuning ModSecurity and OWASP to permit this
> >traffic. I've attached the log file to this post.
> >http://scanmail.trustwave.com/?c=4062&d=rNzC1FWzzHEEgobdigSUf2LNp5DNTN-
> >GhD
> >Vv7Jp46g&s=5&u=https%3a%2f%2fwww%2efosterclub%2ecom%2fsites%2fdefault%2
> >ffi
> >les%2ffile%2foutput%2elog
> >
> >I have also attached my modsecurity.conf file and my
> >modsecurity_crs_10_setup.conf file.
> >http://scanmail.trustwave.com/?c=4062&d=rNzC1FWzzHEEgobdigSUf2LNp5DNTN-
> >GhD
> >Ns5sp46Q&s=5&u=https%3a%2f%2fwww%2efosterclub%2ecom%2fsites%2fdefault%2
> >ffi
> >les%2ffile%2fmodsecurity%2econf
> >http://scanmail.trustwave.com/?c=4062&d=rNzC1FWzzHEEgobdigSUf2LNp5DNTN-
> >GhG
> >Vrusp95w&s=5&u=https%3a%2f%2fwww%2efosterclub%2ecom%2fsites%2fdefault%2
> >ffi les%2ffile%2fmodsecurity%5fcrs%5f10%5fsetup%2econf
> >
> >I would very much appreciate any help anyone can offer. Please let me
> >know if you need any additional information. Thanks!
> >
> >
> >--
> >
> >Jacob Lear
> >Web Administrator
> >FosterClub, Inc.
>
> ------------------------------
>
> Message: 2
> Date: Tue, 27 Jan 2015 18:41:09 -0800
> From: Jacob Lear <ja...@fosterclub.com>
> To: owasp-modsecurity-core-rule-set@lists.owasp.org
> Subject: Re: [Owasp-modsecurity-core-rule-set] Legitimate traffic
> being blocked
> Message-ID: <54c84c45.6030...@fosterclub.com>
> Content-Type: text/plain; charset=utf-8; format=flowed
>
> Hi Chaim,
>
> thanks for the response. I actually did stumble across that blog post
> and tried to write some exceptions to get things working. There are SO
> many exceptions needed though! I think I will try removing the DEB/RPM
> of ModSecurity and try installing it from source. That way I will be
> able to install the most recent version of CRS.
>
> So far this is what I've written for exceptions. Am I doing it correctly??
>
> In modsecurity_crs_15_customerules.conf:
> SecRule REQUEST_FILENAME "@rx /node/*/edit"
> "phase:1,t:none,nolog,pass,ctl:ruleRemoveById=981173"
>
> SecRule REQUEST_FILENAME "@streq /civicrm/contribute/search"
> "phase:1,t:none,nolog,pass,ctl:ruleRemoveById=981173"
>
> SecRule REQUEST_FILENAME "@streq /civicrm/ajax/inline"
> "phase:1,t:none,nolog,pass,ctl:ruleRemoveById=981173"
>
>
> In modsecurity_crs_48_local_exceptions.conf:
> SecRule REQUEST_FILENAME "@rx /node/*/edit"
> "chain,phase:2,t:none,nolog,pass"
> SecRule TX:'/^960010/' "@streq Item 1=1" "chain,t:none"
> SecRule MATCHED_VAR_NAME "TX\:(.*)"
> "capture,t:none,setvar:!tx.%{tx.1},setvar:tx.anomaly_score=-3"
>
> SecRule REQUEST_FILENAME "@rx /node/*/edit"
> "chain,phase:2,t:none,nolog,pass"
> SecRule TX:'/^950109/' "@streq Item 1=1" "chain,t:none"
> SecRule MATCHED_VAR_NAME "TX\:(.*)"
> "capture,t:none,setvar:!tx.%{tx.1},setvar:tx.anomaly_score=-2"
>
> SecRule TX:'/^950901.*ARGS:body[und][0][value]/' ".*"
> "chain,phase:2,t:none,nolog,pass"
> SecRule MATCHED_VAR_NAME "TX\:(.*)"
> "capture,t:none,setvar:!tx.%{tx.1},setvar:tx.anomaly_score=-5"
>
> SecRule TX:'/^960024.*ARGS:body[und][0][value]/' ".*"
> "chain,phase:2,t:none,nolog,pass"
> SecRule MATCHED_VAR_NAME "TX\:(.*)"
> "capture,t:none,setvar:!tx.%{tx.1},setvar:tx.anomaly_score=-3"
>
> SecRule TX:'/^960024.*ARGS:metatags[title][value]/' ".*"
> "chain,phase:2,t:none,nolog,pass"
> SecRule MATCHED_VAR_NAME "TX\:(.*)"
> "capture,t:none,setvar:!tx.%{tx.1},setvar:tx.anomaly_score=-3"
>
> SecRule TX:'/^960024.*ARGS:metatags[title][default]/' ".*"
> "chain,phase:2,t:none,nolog,pass"
> SecRule MATCHED_VAR_NAME "TX\:(.*)"
> "capture,t:none,setvar:!tx.%{tx.1},setvar:tx.anomaly_score=-3"
>
> SecRule TX:'/^981257.*ARGS:body[und][0][value]/' ".*"
> "chain,phase:2,t:none,nolog,pass"
> SecRule MATCHED_VAR_NAME "TX\:(.*)"
> "capture,t:none,setvar:!tx.%{tx.1},setvar:tx.anomaly_score=-5"
>
> SecRule TX:'/^981245.*ARGS:body[und][0][value]/' ".*"
> "chain,phase:2,t:none,nolog,pass"
> SecRule MATCHED_VAR_NAME "TX\:(.*)"
> "capture,t:none,setvar:!tx.%{tx.1},setvar:tx.anomaly_score=-5"
>
> SecRule TX:'/^981245.*ARGS:metatags[dcterms.rights][value]/' ".*"
> "chain,phase:2,t:none,nolog,pass"
> SecRule MATCHED_VAR_NAME "TX\:(.*)"
> "capture,t:none,setvar:!tx.%{tx.1},setvar:tx.anomaly_score=-5"
>
> SecRule TX:'/^981245.*ARGS:metatags[dcterms.rights][default]/' ".*"
> "chain,phase:2,t:none,nolog,pass"
> SecRule MATCHED_VAR_NAME "TX\:(.*)"
> "capture,t:none,setvar:!tx.%{tx.1},setvar:tx.anomaly_score=-5"
>
> SecRule TX:'/^981245.*ARGS:metatags[copyright][value]/' ".*"
> "chain,phase:2,t:none,nolog,pass"
> SecRule MATCHED_VAR_NAME "TX\:(.*)"
> "capture,t:none,setvar:!tx.%{tx.1},setvar:tx.anomaly_score=-5"
>
> SecRule TX:'/^981245.*ARGS:metatags[copyright][default]/' ".*"
> "chain,phase:2,t:none,nolog,pass"
> SecRule MATCHED_VAR_NAME "TX\:(.*)"
> "capture,t:none,setvar:!tx.%{tx.1},setvar:tx.anomaly_score=-5"
>
> SecRule TX:'/^981243.*ARGS:metatags[dcterms.rights][value]/' ".*"
> "chain,phase:2,t:none,nolog,pass"
> SecRule MATCHED_VAR_NAME "TX\:(.*)"
> "capture,t:none,setvar:!tx.%{tx.1},setvar:tx.anomaly_score=-5"
>
> SecRule TX:'/^981243.*ARGS:metatags[dcterms.rights][default]/' ".*"
> "chain,phase:2,t:none,nolog,pass"
> SecRule MATCHED_VAR_NAME "TX\:(.*)"
> "capture,t:none,setvar:!tx.%{tx.1},setvar:tx.anomaly_score=-5"
>
> SecRule TX:'/^981243.*ARGS:metatags[copyright][value]/' ".*"
> "chain,phase:2,t:none,nolog,pass"
> SecRule MATCHED_VAR_NAME "TX\:(.*)"
> "capture,t:none,setvar:!tx.%{tx.1},setvar:tx.anomaly_score=-5"
>
> SecRule TX:'/^981243.*ARGS:metatags[copyright][default]/' ".*"
> "chain,phase:2,t:none,nolog,pass"
> SecRule MATCHED_VAR_NAME "TX\:(.*)"
> "capture,t:none,setvar:!tx.%{tx.1},setvar:tx.anomaly_score=-5"
>
> SecRule TX:'/^973300.*ARGS:body[und][0][value]/' ".*"
> "chain,phase:2,t:none,nolog,pass"
> SecRule MATCHED_VAR_NAME "TX\:(.*)"
> "capture,t:none,setvar:!tx.%{tx.1},setvar:tx.anomaly_score=-5"
>
> SecRule TX:'/^973304.*ARGS:body[und][0][value]/' ".*"
> "chain,phase:2,t:none,nolog,pass"
> SecRule MATCHED_VAR_NAME "TX\:(.*)"
> "capture,t:none,setvar:!tx.%{tx.1},setvar:tx.anomaly_score=-5"
>
> SecRule TX:'/^973333.*ARGS:body[und][0][value]/' ".*"
> "chain,phase:2,t:none,nolog,pass"
> SecRule MATCHED_VAR_NAME "TX\:(.*)"
> "capture,t:none,setvar:!tx.%{tx.1},setvar:tx.anomaly_score=-5"
>
> SecRule TX:'/^973302.*ARGS:metatags[dcterms.format][value]/' ".*"
> "chain,phase:2,t:none,nolog,pass"
> SecRule MATCHED_VAR_NAME "TX\:(.*)"
> "capture,t:none,setvar:!tx.%{tx.1},setvar:tx.anomaly_score=-5"
>
> SecRule TX:'/^973302.*ARGS:metatags[dcterms.format][default]/' ".*"
> "chain,phase:2,t:none,nolog,pass"
> SecRule MATCHED_VAR_NAME "TX\:(.*)"
> "capture,t:none,setvar:!tx.%{tx.1},setvar:tx.anomaly_score=-5"
>
> SecRule REQUEST_FILENAME "@streq /modules/statistics/statistics.php"
> "chain,phase:2,t:none,nolog,pass"
> SecRule TX:'/^960010/' "@streq Item 1=1" "chain,t:none"
> SecRule MATCHED_VAR_NAME "TX\:(.*)"
> "capture,t:none,setvar:!tx.%{tx.1},setvar:tx.anomaly_score=-3"
>
> SecRule REQUEST_FILENAME "@streq /ckeditor/xss"
> "chain,phase:2,t:none,nolog,pass"
> SecRule TX:'/^960010/' "@streq Item 1=1" "chain,t:none"
> SecRule MATCHED_VAR_NAME "TX\:(.*)"
> "capture,t:none,setvar:!tx.%{tx.1},setvar:tx.anomaly_score=-3"
>
> SecRule REQUEST_FILENAME "@streq /ckeditor/xss"
> "chain,phase:2,t:none,nolog,pass"
> SecRule TX:'/^950109/' "@streq Item 1=1" "chain,t:none"
> SecRule MATCHED_VAR_NAME "TX\:(.*)"
> "capture,t:none,setvar:!tx.%{tx.1},setvar:tx.anomaly_score=-2"
>
> SecRule TX:'/^950901.*ARGS:text/' ".*" "chain,phase:2,t:none,nolog,pass"
> SecRule MATCHED_VAR_NAME "TX\:(.*)"
> "capture,t:none,setvar:!tx.%{tx.1},setvar:tx.anomaly_score=-5"
>
> SecRule TX:'/^960024.*ARGS:text/' ".*" "chain,phase:2,t:none,nolog,pass"
> SecRule MATCHED_VAR_NAME "TX\:(.*)"
> "capture,t:none,setvar:!tx.%{tx.1},setvar:tx.anomaly_score=-3"
>
> SecRule TX:'/^981173.*ARGS:text/' ".*"
> "chain,phase:2,t:none,nolog,pass"
> SecRule MATCHED_VAR_NAME "TX\:(.*)"
> "capture,t:none,setvar:!tx.%{tx.1},setvar:tx.anomaly_score=-3"
>
> SecRule TX:'/^981257.*ARGS:text/' ".*" "chain,phase:2,t:none,nolog,pass"
> SecRule MATCHED_VAR_NAME "TX\:(.*)"
> "capture,t:none,setvar:!tx.%{tx.1},setvar:tx.anomaly_score=-5"
>
> SecRule TX:'/^981245.*ARGS:text/' ".*" "chain,phase:2,t:none,nolog,pass"
> SecRule MATCHED_VAR_NAME "TX\:(.*)"
> "capture,t:none,setvar:!tx.%{tx.1},setvar:tx.anomaly_score=-5"
>
> SecRule TX:'/^973300.*ARGS:text/' ".*" "chain,phase:2,t:none,nolog,pass"
> SecRule MATCHED_VAR_NAME "TX\:(.*)"
> "capture,t:none,setvar:!tx.%{tx.1},setvar:tx.anomaly_score=-5"
>
> SecRule TX:'/^973304.*ARGS:text/' ".*" "chain,phase:2,t:none,nolog,pass"
> SecRule MATCHED_VAR_NAME "TX\:(.*)"
> "capture,t:none,setvar:!tx.%{tx.1},setvar:tx.anomaly_score=-5"
>
> SecRule TX:'/^973333.*ARGS:text/' ".*" "chain,phase:2,t:none,nolog,pass"
> SecRule MATCHED_VAR_NAME "TX\:(.*)"
> "capture,t:none,setvar:!tx.%{tx.1},setvar:tx.anomaly_score=-5"
>
> SecRule TX:'/^981172.*REQUEST_COOKIES:CHOCOLATECHIPSSL/' ".*"
> "chain,phase:2,t:none,nolog,pass"
> SecRule MATCHED_VAR_NAME "TX\:(.*)"
> "capture,t:none,setvar:!tx.%{tx.1},setvar:tx.anomaly_score=-3"
>
> SecRule TX:'/^981247.*ARGS:crmasmSelect0/' ".*"
> "chain,phase:2,t:none,nolog,pass"
> SecRule MATCHED_VAR_NAME "TX\:(.*)"
> "capture,t:none,setvar:!tx.%{tx.1},setvar:tx.anomaly_score=-5"
>
> SecRule TX:'/^981247.*ARGS:crmasmSelect1/' ".*"
> "chain,phase:2,t:none,nolog,pass"
> SecRule MATCHED_VAR_NAME "TX\:(.*)"
> "capture,t:none,setvar:!tx.%{tx.1},setvar:tx.anomaly_score=-5"
>
> SecRule TX:'/^981247.*ARGS:crmasmSelect2/' ".*"
> "chain,phase:2,t:none,nolog,pass"
> SecRule MATCHED_VAR_NAME "TX\:(.*)"
> "capture,t:none,setvar:!tx.%{tx.1},setvar:tx.anomaly_score=-5"
>
> SecRule TX:'/^981247.*ARGS:crmasmSelect3/' ".*"
> "chain,phase:2,t:none,nolog,pass"
> SecRule MATCHED_VAR_NAME "TX\:(.*)"
> "capture,t:none,setvar:!tx.%{tx.1},setvar:tx.anomaly_score=-5"
>
> SecRule TX:'/^981247.*ARGS:crmasmSelect4/' ".*"
> "chain,phase:2,t:none,nolog,pass"
> SecRule MATCHED_VAR_NAME "TX\:(.*)"
> "capture,t:none,setvar:!tx.%{tx.1},setvar:tx.anomaly_score=-5"
>
> --
>
> Jacob Lear
> Web Administrator
> FosterClub, Inc.
>
> ------------------------------
>
> Message: 3
> Date: Wed, 28 Jan 2015 13:27:57 +0545
> From: Sabin Ranjit <think.sa...@gmail.com>
> To: mod-security-us...@lists.sourceforge.net,
> owasp-modsecurity-core-rule-set@lists.owasp.org
> Subject: [Owasp-modsecurity-core-rule-set] problem executing external
> bash script
> Message-ID:
> <CAE9Kp-Ybfvhs8BEsPaR==
> pi06-at8pi7mxlm73a++dpj+ff...@mail.gmail.com>
> Content-Type: text/plain; charset="utf-8"
>
> hi,
> I'm trying to send email when specific rule get matched in the modsecurity
> but the modsecurity gives execution error in the mod_audit.log.
>
> I have written my own test rule like this:
>
> SecRule REQUEST_HEADERS:User-Agent "FAKE-USER"
> "chain,deny,log,exec:/root/send_alert_email_fake-user.sh,id:1234123455"
> SecRule REMOTE_ADDR "^192\.168\.203\.141"
>
> and my script looks like this:
>
> #!/bin/sh
> echo "Fake user tried to access the web application" |mail -s "local server
> under attack" u...@user.com
> echo Done.
>
> The mod_audit.log is giving this message and email is being sent.
>
> Message: Exec: Execution failed while reading output:
> /root/send_alert_email_fake-user.sh (End of file found)
> Message: Failed to execute: /root/send_alert_email_fake-user.sh
> Message: Warning. Pattern match "^192\\.168\\.203\\.141" at REMOTE_ADDR.
> [file
> "/usr/share/modsecurity-crs/activated_rules/check_user_agent_email.conf"]
> [line "1"] [id "1234123455"]
>
> Please help me to fix this? I'm also referencing ModSecurity 2.5 by Magnus
> Mischel.
>
> thanks.
>
> ------------------------------
>
> Message: 4
> Date: Wed, 28 Jan 2015 13:54:26 +0545
> From: Sabin Ranjit <think.sa...@gmail.com>
> To: mod-security-us...@lists.sourceforge.net,
> owasp-modsecurity-core-rule-set@lists.owasp.org
> Subject: Re: [Owasp-modsecurity-core-rule-set] problem executing
> external bash script
> Message-ID:
> <CAE9Kp-Y52o=
> gt5du_amk3quprpvu26fzllkoz7z7u0ssmv9...@mail.gmail.com>
> Content-Type: text/plain; charset="utf-8"
>
> email is not being sent.
>
> On Wed, Jan 28, 2015 at 1:27 PM, Sabin Ranjit <think.sa...@gmail.com>
> wrote:
>
> > hi,
> > I'm trying to send email when specific rule get matched in the modsecurity
> > but the modsecurity gives execution error in the mod_audit.log.
> >
> > I have written my own test rule like this:
> >
> > SecRule REQUEST_HEADERS:User-Agent "FAKE-USER"
> > "chain,deny,log,exec:/root/send_alert_email_fake-user.sh,id:1234123455"
> > SecRule REMOTE_ADDR "^192\.168\.203\.141"
> >
> > and my script looks like this:
> >
> > #!/bin/sh
> > echo "Fake user tried to access the web application" |mail -s "local
> > server under attack" u...@user.com
> > echo Done.
> >
> > The mod_audit.log is giving this message and email is being sent.
> >
> > Message: Exec: Execution failed while reading output:
> > /root/send_alert_email_fake-user.sh (End of file found)
> > Message: Failed to execute: /root/send_alert_email_fake-user.sh
> > Message: Warning. Pattern match "^192\\.168\\.203\\.141" at REMOTE_ADDR.
> > [file
> > "/usr/share/modsecurity-crs/activated_rules/check_user_agent_email.conf"]
> > [line "1"] [id "1234123455"]
> >
> > Please help me to fix this? I'm also referencing ModSecurity 2.5 by Magnus
> > Mischel.
> >
> > thanks.
>
> ------------------------------
>
> _______________________________________________
> Owasp-modsecurity-core-rule-set mailing list
> Owasp-modsecurity-core-rule-set@lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-modsecurity-core-rule-set
>
>
> End of Owasp-modsecurity-core-rule-set Digest, Vol 69, Issue 3
> **************************************************************
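An added example, not written by anyone in the thread above: a Python triage helper for the false-positive tuning discussed in messages 1 and 2. It groups ModSecurity alerts from an Apache error log by rule id and matched variable, and checks which alerting URIs an exception's `@rx` pattern actually covers. The log lines are constructed samples in the ModSecurity 2.x error-log layout, and `parse`, `tally`, `coverage` and the tightened pattern are assumptions made for illustration.

```python
import re
from collections import Counter

# Constructed sample alerts (not from the log attached to the thread); rule ids
# and variable names are the ones quoted in the exceptions in message 2.
_T = ('[Fri Jan 23 17:01:02 2015] [error] [client 192.0.2.10] ModSecurity: Warning. '
      'Pattern match "x" at {var}. [file "/path/to/rules.conf"] [line "1"] '
      '[id "{rid}"] [msg "constructed"] [hostname "www.example.org"] '
      '[uri "{uri}"] [unique_id "constructed"]')
SAMPLE_LOG = "\n".join(
    [_T.format(rid=r, var=v, uri=u) for r, v, u in [
        ("960024", "ARGS:body[und][0][value]", "/node/4512/edit"),
        ("981173", "ARGS:body[und][0][value]", "/node/4512/edit"),
        ("981245", "ARGS:body[und][0][value]", "/node/77/edit"),
        ("960024", "ARGS:body[und][0][value]", "/node/77/edit"),
        ("981173", "ARGS:text", "/ckeditor/xss"),
    ]] + ["[Fri Jan 23 17:01:03 2015] [notice] unrelated Apache message"])

ALERT = re.compile(r'ModSecurity: .*? at (?P<var>\S+?)\. \[file .*?'
                   r'\[id "(?P<id>\d+)"\].*?\[uri "(?P<uri>[^"]*)"\]')

def parse(log):
    """Yield (rule_id, variable, uri) for every ModSecurity alert line."""
    for line in log.splitlines():
        m = ALERT.search(line)
        if m:
            yield m["id"], m["var"], m["uri"]

def tally(log):
    """Count alerts per (rule id, matched variable): the tuning worklist."""
    return Counter((rid, var) for rid, var, _ in parse(log))

def coverage(pattern, log):
    """Return (covered, missed) alerting URIs for an unanchored regex,
    which is how @rx applies a pattern to REQUEST_FILENAME."""
    rx = re.compile(pattern)  # Python re and PCRE agree on these simple patterns
    uris = sorted({uri for _, _, uri in parse(log)})
    return ([u for u in uris if rx.search(u)],
            [u for u in uris if not rx.search(u)])

if __name__ == "__main__":
    for (rid, var), n in tally(SAMPLE_LOG).most_common():
        print(f"{n:3d}  id={rid}  {var}")
    # In a regex, "/*" means "zero or more slashes", not "any path segment",
    # so the pattern quoted in message 2 covers none of the node-edit URIs.
    print(coverage(r"/node/*/edit", SAMPLE_LOG))
    # Assumed tightened form: numeric node id, anchored at both ends so the
    # exception stays limited to the edit form.
    print(coverage(r"^/node/[0-9]+/edit$", SAMPLE_LOG))
```

Run against a real error log, the tally shows which rule and parameter pairs account for most of the noise, so each exception can be scoped to one parameter on one path rather than switching a rule off site-wide.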