Hey Walter, On Sun, Feb 28, 2016 at 05:54:53PM +0100, Walter Hop wrote: > - Rules not firing: > https://github.com/SpiderLabs/owasp-modsecurity-crs/issues/289 > - php-function-names.data additions: > https://github.com/SpiderLabs/owasp-modsecurity-crs/issues/290 > - Parentheses in php-function-names.data: > https://github.com/SpiderLabs/owasp-modsecurity-crs/issues/291 > - php-variables.data evasions: > https://github.com/SpiderLabs/owasp-modsecurity-crs/issues/293 > - Detect 'variable functions’: > https://github.com/SpiderLabs/owasp-modsecurity-crs/issues/294 > - Add PHP specific files to lfi-os-files.data: > https://github.com/SpiderLabs/owasp-modsecurity-crs/issues/295 > - Generic PHP serialized object injection: > https://github.com/SpiderLabs/owasp-modsecurity-crs/issues/273
That's an impressive list. Very cool. Given the abundance of PHP CMS exploits, these rule improvements make a lot of sense. I am glad to see you attacking them. I hope to finish the paranoid stuff asap. Once the first pull request goes through, we are ready to push the rest. Cheers, Christian -- A happy life consists not in the absence, but in the mastery of hardships. --- Helen Keller _______________________________________________ Owasp-modsecurity-core-rule-set mailing list Owasp-modsecurity-core-rule-set@lists.owasp.org https://lists.owasp.org/mailman/listinfo/owasp-modsecurity-core-rule-set
