Because the commercial rule set is not available, is the  “Blocking Based on IP 
Reputation” effective?

---

 

Arthur Johnston

 

From: Osama Elnaggar [mailto:oelnagga...@gmail.com] 
Sent: Sunday, August 13, 2017 6:34 PM
To: Arthur E. Johnston <arthurjohns...@verizon.net>; 
owasp-modsecurity-core-rule-set@lists.owasp.org
Subject: Re: [Owasp-modsecurity-core-rule-set] Typo in 
"REQUEST-910-IP-REPUTATION.CONF"

 

Yes.  The rule is commented out because the blacklist mentioned is not provided 
/ is commercial.  It is part of TrustWave’s commercial ruleset - 
https://www.modsecurity.org/commercial-rules.html 

 

-- 
Osama Elnaggar

 

On August 14, 2017 at 11:27:28 AM, Arthur E. Johnston 
(arthurjohns...@verizon.net <mailto:arthurjohns...@verizon.net> ) wrote:

Excuse the interruption.  I am just reviewing the rules to better understand 
their functions.  Honestly, I am lost, but learning.

 

While browsing rule “REQUEST-910-IP-REPUTATION.CON”, I discovered a hashtag ‘#’ 
on line 92, effectively commenting out the beginning of the rule and causing it 
to be ineffective.  

 

Or am I mistaken?

 

 

#SecRule TX:REAL_IP "@ipMatchFromFile ip_blacklist.data" \

  "msg:'Client IP in Trustwave SpiderLabs IP Reputation Blacklist.',\

 

Arthur Johnston

 

_______________________________________________ 
Owasp-modsecurity-core-rule-set mailing list 
Owasp-modsecurity-core-rule-set@lists.owasp.org 
<mailto:Owasp-modsecurity-core-rule-set@lists.owasp.org>  
https://lists.owasp.org/mailman/listinfo/owasp-modsecurity-core-rule-set 

_______________________________________________
Owasp-modsecurity-core-rule-set mailing list
Owasp-modsecurity-core-rule-set@lists.owasp.org
https://lists.owasp.org/mailman/listinfo/owasp-modsecurity-core-rule-set

Reply via email to