Re: [Owasp-modsecurity-core-rule-set] Typo in "REQUEST-910-IP-REPUTATION.CONF"

2017-08-13 Thread Arthur E. Johnston
Because the commercial rule set is not available, is the “Blocking Based on IP 
Reputation” effective?

---

Arthur Johnston

From: Osama Elnaggar [mailto:oelnagga...@gmail.com] 
Sent: Sunday, August 13, 2017 6:34 PM
To: Arthur E. Johnston <arthurjohns...@verizon.net>; 
owasp-modsecurity-core-rule-set@lists.owasp.org
Subject: Re: [Owasp-modsecurity-core-rule-set] Typo in 
"REQUEST-910-IP-REPUTATION.CONF"

Yes.  The rule is commented out because the blacklist mentioned is not provided 
/ is commercial.  It is part of TrustWave’s commercial ruleset - 
https://www.modsecurity.org/commercial-rules.html

-- 
Osama Elnaggar

On August 14, 2017 at 11:27:28 AM, Arthur E. Johnston 
(arthurjohns...@verizon.net) wrote:

Excuse the interruption.  I am just reviewing the rules to better understand 
their functions.  Honestly, I am lost, but learning.

While browsing rule “REQUEST-910-IP-REPUTATION.CONF”, I discovered a hashtag ‘#’ 
on line 92, effectively commenting out the beginning of the rule and causing it 
to be ineffective.

Or am I mistaken?

#SecRule TX:REAL_IP "@ipMatchFromFile ip_blacklist.data" \
  "msg:'Client IP in Trustwave SpiderLabs IP Reputation Blacklist.',\

Arthur Johnston

___ 
Owasp-modsecurity-core-rule-set mailing list 
Owasp-modsecurity-core-rule-set@lists.owasp.org 
<mailto:Owasp-modsecurity-core-rule-set@lists.owasp.org>  
https://lists.owasp.org/mailman/listinfo/owasp-modsecurity-core-rule-set 

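An added example, not part of the thread and not taken from the CRS distribution: IP-based blocking with a list you maintain yourself, using the same @ipMatchFromFile operator as the commented-out rule. The rule ids, the file name local_ip_blocklist.data and the addresses are placeholders chosen for this example.

```apache
# Added example: a local rule, not the commented-out CRS rule quoted above.
# Assumptions: ids 1010 and 1011 are unused in your installation and
# local_ip_blocklist.data is a list you maintain yourself.
#
# local_ip_blocklist.data (constructed sample, one address or CIDR block per line):
#   203.0.113.7
#   198.51.100.0/24

# Step 1: observe only. Matching clients are logged but not blocked, so the
# list can be checked against real traffic before it rejects anything.
SecRule REMOTE_ADDR "@ipMatchFromFile local_ip_blocklist.data" \
    "id:1010,phase:1,pass,log,\
    msg:'Client IP in local blocklist (observe only)',\
    logdata:'%{REMOTE_ADDR}'"

# Step 2: enforce. Once the log shows only the intended clients, comment out
# the rule above and uncomment this one.
#SecRule REMOTE_ADDR "@ipMatchFromFile local_ip_blocklist.data" \
#    "id:1011,phase:1,deny,status:403,log,\
#    msg:'Client IP in local blocklist',\
#    logdata:'%{REMOTE_ADDR}'"
```

Give an absolute path if the data file does not sit next to the rule file. Behind a reverse proxy REMOTE_ADDR is the proxy's address, so match on whichever variable carries the real client IP in your setup.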


[Owasp-modsecurity-core-rule-set] Typo in "REQUEST-910-IP-REPUTATION.CONF"

2017-08-13 Thread Arthur E. Johnston
Excuse the interruption.  I am just reviewing the rules to better understand
their functions.  Honestly, I am lost, but learning.

While browsing rule "REQUEST-910-IP-REPUTATION.CONF", I discovered a hashtag
'#' on line 92, effectively commenting out the beginning of the rule and
causing it to be ineffective.

Or am I mistaken?

#SecRule TX:REAL_IP "@ipMatchFromFile ip_blacklist.data" \
  "msg:'Client IP in Trustwave SpiderLabs IP Reputation Blacklist.',\

Arthur Johnston



Re: [Owasp-modsecurity-core-rule-set] Whitelist?

2017-07-04 Thread Arthur E. Johnston
Thank you!

Arthur Johnston
Meadowbrook Kennels

From: Osama Elnaggar [mailto:oelnagga...@gmail.com]
Sent: Tuesday, July 04, 2017 6:56 PM
To: Arthur E. Johnston <arthurjohns...@verizon.net>; 
owasp-modsecurity-core-rule-set@lists.owasp.org
Subject: Re: [Owasp-modsecurity-core-rule-set] Whitelist?

If you are using CRS 3, you have your request exclusion rules in the file 
REQUEST-900-EXCLUSION-RULES-BEFORE-CRS.conf.example.  Remove the .example and 
uncomment the exclusion rules you want.  Here is an example of a commented rule 
that will whitelist an IP:

# White-list ASV network block (no blocking or logging of AVS traffic)
# Update IP network block as appropriate for your AVS traffic
#
# ModSec Rule Exclusion: Disable Rule Engine for known ASV IP
# SecRule REMOTE_ADDR "@ipMatch 192.168.1.100" \
# "phase:1,id:1000,pass,nolog,ctl:ruleEngine=Off"

Even if you aren't using CRS, you can use the above rule and customize it with 
the IP you want to whitelist.

-- 
Osama Elnaggar

On July 5, 2017 at 11:27:31 AM, Arthur E. Johnston (arthurjohns...@verizon.net) 
wrote:

Does a method exist to whitelist an IP address?

Thank you,

Arthur Johnston
Meadowbrook Kennels
Home of Seacrest Cocker Spaniels & Meadowbrook Border Terriers
http://www.seacrestcockers.com
http://www.meadowbrook.co

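An added example, not part of the thread and not taken from the CRS distribution: the exclusion rule quoted in the reply above, uncommented, next to two variants of the same technique. Variant A keeps the reply's id and address; ids 1001 and 1002 and the 192.0.2.x / 198.51.100.x addresses are placeholders chosen for this example.

```apache
# Added example. Load only the variant you need and pick ids that are
# unused in your installation.

# Variant A: the rule from the reply, uncommented. Requests from this
# address skip the rule engine entirely and leave no log entry.
SecRule REMOTE_ADDR "@ipMatch 192.168.1.100" \
    "phase:1,id:1000,pass,nolog,ctl:ruleEngine=Off"

# Variant B: several trusted sources in one rule. @ipMatch accepts a
# comma-separated list of single addresses and CIDR blocks.
SecRule REMOTE_ADDR "@ipMatch 192.0.2.10,198.51.100.0/24" \
    "phase:1,id:1001,pass,nolog,ctl:ruleEngine=Off"

# Variant C: never block the trusted source, but keep the record.
# DetectionOnly still evaluates the rules and logs their matches; only the
# disruptive actions are skipped for this transaction.
SecRule REMOTE_ADDR "@ipMatch 192.0.2.10" \
    "phase:1,id:1002,pass,nolog,ctl:ruleEngine=DetectionOnly"
```

REMOTE_ADDR is the address of the directly connected peer, so behind a reverse proxy or load balancer these rules match the proxy rather than the original client.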


[Owasp-modsecurity-core-rule-set] Whitelist?

2017-07-04 Thread Arthur E. Johnston
Does a method exist to whitelist an IP address?

Thank you,

Arthur Johnston
Meadowbrook Kennels
Home of Seacrest Cocker Spaniels & Meadowbrook Border Terriers
http://www.seacrestcockers.com
http://www.meadowbrook.co



[Owasp-modsecurity-core-rule-set] Modsecurity CRS for. Joomla! ??

2017-04-22 Thread Arthur E. Johnston
Does a CRS ver.3.0 exist for Joomla!?

The only version currently available for Joomla! is 2.9 and that is very 
outdated/not usable with current versions.

Thank you in advance.

Arthur Johnston

Sent from my iPhone.  Please excuse the typos.

