Hello,
Thank you for your feedback. The problem was that I did not have my ModSecurity instance set to On; it was on DetectionOnly. Now I have another problem with sites running on Symphony 2. Do you have specific rules for this framework? A lot of links to web pages are not available when the ModSecurity instance is On; when I change it to DetectionOnly, the web application is 100% available. Please, could you help me with that? The errors regarding "SQL injection" are not true, I think, and the errors reported by ModSecurity are not very detailed.

Reginal

On Mon, Feb 9, 2015 at 8:40 PM, Chaim Sanders <csand...@trustwave.com> wrote:
> Not being able to see your configuration, I am assuming that you do not
> have your ModSecurity instance in blocking mode. I suggest you check the
> SecRuleEngine configuration option
> (https://github.com/SpiderLabs/ModSecurity/wiki/Reference-Manual#SecRuleEngine)
> and also ensure that ModSecurity is working properly. Unless this is a very
> novel SQL injection attack (in which case we can amend the rules to detect
> it) it should be detected by ModSecurity. Try pasting your payload in our
> demo site to ensure it will be detected by stock CRS rules
> (http://modsecurity.org/crs-demo.html). Hope this helps!
>
> Chaim Sanders
> Security Researcher, SpiderLabs
> Trustwave | SMART SECURITY ON DEMAND
> www.trustwave.com
>
> From: owasp-modsecurity-core-rule-set-boun...@lists.owasp.org [mailto:owasp-modsecurity-core-rule-set-boun...@lists.owasp.org] On Behalf Of Reginal Laurent
> Sent: Monday, February 9, 2015 3:23 AM
> To: owasp-modsecurity-core-rule-set@lists.owasp.org
> Subject: [Owasp-modsecurity-core-rule-set] ModSecurity Rules - Windows server 2008 R2
>
> Hello,
>
> I have a Windows Server 2008 R2 running Apache2 and PHP. I have
> configured ModSecurity for protection against SQL injection and other
> attacks.
> However, when I scanned my server for vulnerabilities, I still found
> SQL injection vulnerabilities and other similar attacks. Is it normal?
> Could you help me?
>
> Thank you for your feedback.
>
> --
> Regards,
> -------------------------
> Réginal LAURENT
> Network and Information Systems Security Engineer
> CCNA - ID: CSCO12321512
> Skype: laurent.reginal
> Personal site: reginallaurent.info
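The practical step behind both messages above is the same: find out which rule is firing on which URL before deciding whether it is a real SQL injection or a false positive that needs an exclusion. The script below is an added example written for this thread; it is not code from the list, from the CRS project or from ModSecurity. It assumes the ModSecurity 2.x one-line event format that Apache writes to error_log, where each event carries bracketed fields such as `[id "..."]`, `[msg "..."]` and `[uri "..."]`. Events beginning "Access denied" are requests that SecRuleEngine On actually blocked; events beginning "Warning." are what DetectionOnly produces, which is why the application was fully reachable in that mode. The sample log lines, rule IDs, paths and parameter names are constructed for illustration. The script tallies hits per (URL, rule) pair, prints a readable summary, and proposes per-path `SecRuleRemoveById` stanzas for rules that fired repeatedly on one URL.

```python
"""Triage ModSecurity 2.x blocks from Apache's error_log.

Added example for this thread, not code from the list, the CRS project or
ModSecurity itself.  It assumes the ModSecurity 2.x one-line event format
that Apache writes to error_log: free text, then bracketed fields such as
[id "..."] [msg "..."] [uri "..."].  The sample log lines, rule IDs, paths and
parameter names below are constructed for illustration.
"""
import re

# Constructed sample events.  "Access denied" lines are what SecRuleEngine On
# produces when it blocks; "Warning." lines are what DetectionOnly produces.
# The last line is an ordinary Apache notice and must be ignored.
SAMPLE_LOG = r"""
[Mon Feb 09 10:12:33 2015] [error] [client 192.0.2.10] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:union\s+select)" at ARGS:sort. [file "/etc/modsecurity/crs/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "981243"] [msg "Detects classic SQL injection probings 2/2"] [severity "CRITICAL"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "www.example.com"] [uri "/app.php/admin/users"] [unique_id "VNiWYX8AAQEAABPfDkwAAAAA"]
[Mon Feb 09 10:12:34 2015] [error] [client 192.0.2.10] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:union\s+select)" at ARGS:sort. [file "/etc/modsecurity/crs/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "981243"] [msg "Detects classic SQL injection probings 2/2"] [severity "CRITICAL"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "www.example.com"] [uri "/app.php/admin/users"] [unique_id "VNiWYX8AAQEAABPfDkwAAAAB"]
[Mon Feb 09 10:12:40 2015] [error] [client 192.0.2.11] ModSecurity: Warning. Pattern match "(?i:\bor\b)" at ARGS:q. [file "/etc/modsecurity/crs/modsecurity_crs_41_sql_injection_attacks.conf"] [line "91"] [id "981318"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [severity "CRITICAL"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "www.example.com"] [uri "/app.php/search"] [unique_id "VNiWYX8AAQEAABPfDkwAAAAC"]
[Mon Feb 09 10:12:41 2015] [notice] Apache/2.4.10 (Win32) configured -- resuming normal operations
"""

# Bracketed key/value fields: [key "value"], value may contain escaped quotes.
FIELD_RE = re.compile(r'\[(\w+) "((?:[^"\\]|\\.)*)"\]')
# Distinguishes a real block (engine On) from a DetectionOnly warning.
ACTION_RE = re.compile(r"ModSecurity: (Access denied with code \d+|Warning)")


def parse_event(line):
    """Return the bracketed fields of one ModSecurity event as a dict, plus
    'action' ('blocked' or 'detected').  Non-ModSecurity lines give None.
    Repeated keys (several [tag "..."]) keep the last value."""
    m = ACTION_RE.search(line)
    if not m:
        return None
    fields = dict(FIELD_RE.findall(line))
    fields["action"] = "blocked" if m.group(1).startswith("Access denied") else "detected"
    return fields


def tally(log_text):
    """Group events by (uri, rule id): how often the rule fired on that path,
    how many of those were actual blocks, and the rule's message."""
    summary = {}
    for line in log_text.splitlines():
        ev = parse_event(line)
        if ev is None or "id" not in ev or "uri" not in ev:
            continue
        entry = summary.setdefault((ev["uri"], ev["id"]),
                                   {"msg": ev.get("msg", ""), "hits": 0, "blocked": 0})
        entry["hits"] += 1
        if ev["action"] == "blocked":
            entry["blocked"] += 1
    return summary


def report(summary):
    """One readable line per (uri, rule) pair, most frequent first."""
    rows = sorted(summary.items(), key=lambda kv: (-kv[1]["hits"], kv[0]))
    return ["%4d hits (%d blocked)  rule %s  %s  %s"
            % (e["hits"], e["blocked"], rid, uri, e["msg"]) for (uri, rid), e in rows]


def _anchor(uri):
    """Escape regex metacharacters so the LocationMatch covers exactly this path."""
    return "^" + re.sub(r"([.+?*()\[\]{}|^$\\])", r"\\\1", uri) + "$"


def exclusion_config(summary, min_hits=2):
    """Emit SecRuleRemoveById stanzas, scoped per path, for rules that fired on
    that path at least min_hits times.  The threshold leaves one-off probes in
    place; each stanza is a proposal to confirm against the real traffic before
    it is loaded, since the exclusion disables that rule for that path."""
    by_uri = {}
    for (uri, rid), e in summary.items():
        if e["hits"] >= min_hits:
            by_uri.setdefault(uri, []).append((rid, e["msg"]))
    lines = []
    for uri in sorted(by_uri):
        lines.append('<LocationMatch "%s">' % _anchor(uri))
        for rid, msg in sorted(by_uri[uri]):
            lines.append("    # %s" % msg)
            lines.append("    SecRuleRemoveById %s" % rid)
        lines.append("</LocationMatch>")
    return "\n".join(lines)


if __name__ == "__main__":
    s = tally(SAMPLE_LOG)
    print("\n".join(report(s)))
    print()
    print(exclusion_config(s))
```

Run against a copy of the server's error_log (pass the file contents to `tally` in place of `SAMPLE_LOG`) while the engine is still in DetectionOnly, so the full list of rules that would block legitimate navigation is visible without taking the site down. The one-line error_log entry is deliberately terse; the request headers and body that triggered each rule are in the audit log when `SecAuditEngine` is set to `RelevantOnly` and `SecAuditLog` points at a file, which is where to confirm whether a hit was a real injection attempt or the framework's own parameters tripping a pattern. A `SecRuleRemoveById` inside `<LocationMatch>` switches the rule off only for that path; when the false positive comes from one known parameter, ModSecurity 2.x's `ctl:ruleRemoveTargetById` action can exclude just that parameter from the rule, which is the tighter fix.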