In general some of these problems may be due to very general issues present across a number of specific platforms. In general observing common vulnerabilities across a few of these should allow you to identify rules that are prone to false positives (which is the whole reasoning behind the paranoid mode) hopefully when this project is finished it will provide a bit of relief. But for the mean time I recommend identifying the common false positives and possible relaxing them or turning those rules off even
From: <owasp-modsecurity-core-rule-set-boun...@lists.owasp.org<mailto:owasp-modsecurity-core-rule-set-boun...@lists.owasp.org>> on behalf of Avi Fatal <avi.fa...@gmail.com<mailto:avi.fa...@gmail.com>> Date: Tuesday, March 1, 2016 at 2:06 PM To: "owasp-modsecurity-core-rule-set@lists.owasp.org<mailto:owasp-modsecurity-core-rule-set@lists.owasp.org>" <owasp-modsecurity-core-rule-set@lists.owasp.org<mailto:owasp-modsecurity-core-rule-set@lists.owasp.org>> Subject: [Owasp-modsecurity-core-rule-set] Handling mod security as a firewall for all kind of web sites Hi, We are 200 of websites / webapps for our clients. >From wordpress to .net apps, java and more. We want to provide a united waf solution for all of them. going to cloud will be very expensive. I have built for this an Apache proxy with mod security and owasp rules. the mod security is not blocking, just logging. I took 10 websites and and pass the traffic via this proxy. after 5 minutes I opened the log and saw 150 different types of security issues. Its more of a conceptual question... How can I manage a solution for 200 of webapps? does it makes sense? I can understand controlling on five websites, but 200 ? its sounds like 24 hours we need to go over rules and suspend them on every usecase.... Ill be glad to hear from people who has an experience with that. Thanks ________________________________ This transmission may contain information that is privileged, confidential, and/or exempt from disclosure under applicable law. If you are not the intended recipient, you are hereby notified that any disclosure, copying, distribution, or use of the information contained herein (including any reliance thereon) is strictly prohibited. If you received this transmission in error, please immediately contact the sender and destroy the material in its entirety, whether in electronic or hard copy format.
_______________________________________________ Owasp-modsecurity-core-rule-set mailing list Owasp-modsecurity-core-rule-set@lists.owasp.org https://lists.owasp.org/mailman/listinfo/owasp-modsecurity-core-rule-set
