Not enought familiar with modsecurity. Just wondering, that there is no any rule to block trace in crs. is there easy way to implement that?
-- Eero On Wed, Mar 21, 2018 at 11:53 AM, Christian Folini < christian.fol...@netnea.com> wrote: > Hey Eero, > > The TRACE method is somewhat special. At least in Apache. The request > skips phase 2 and thus the CRS rule covering tx.allowed_methods. > > There are discussions to move this block of rules to phase 1 though. > https://github.com/SpiderLabs/owasp-modsecurity-crs/issues/1015 > > You may want to chime in there. > > Ahoj, > > Christian > > On Wed, Mar 21, 2018 at 09:15:52AM +0200, Eero Volotinen wrote: > > Hi, > > > > Just noticed that crs ruleset is not blocking trace method, even > > setvar:'tx.allowed_methods=GET POST'" > > > > Is this a bug? > > > > Eero > > > ------------------------------------------------------------ > ------------------ > > Check out the vibrant tech community on one of the world's most > > engaging tech sites, Slashdot.org! http://sdm.link/slashdot > > > _______________________________________________ > > mod-security-users mailing list > > mod-security-us...@lists.sourceforge.net > > https://lists.sourceforge.net/lists/listinfo/mod-security-users > > Commercial ModSecurity Rules and Support from Trustwave's SpiderLabs: > > http://www.modsecurity.org/projects/commercial/rules/ > > http://www.modsecurity.org/projects/commercial/support/ > > > -- > https://www.feistyduck.com/training/modsecurity-training-course > https://www.feistyduck.com/books/modsecurity-handbook/ > mailto:christian.fol...@netnea.com > twitter: @ChrFolini > > ------------------------------------------------------------ > ------------------ > Check out the vibrant tech community on one of the world's most > engaging tech sites, Slashdot.org! http://sdm.link/slashdot > _______________________________________________ > mod-security-users mailing list > mod-security-us...@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/mod-security-users > Commercial ModSecurity Rules and Support from Trustwave's SpiderLabs: > http://www.modsecurity.org/projects/commercial/rules/ > http://www.modsecurity.org/projects/commercial/support/ >
_______________________________________________ Owasp-modsecurity-core-rule-set mailing list Owasp-modsecurity-core-rule-set@lists.owasp.org https://lists.owasp.org/mailman/listinfo/owasp-modsecurity-core-rule-set