Re: [Owasp-modsecurity-core-rule-set] WebSocket CRS Rules

2018-05-19 Thread Christian Folini
Hello Hiranmayi,

Having them would be very interesting of course.

It is not so clear how far you can get. I usually declare that ModSec is no
good fighting standard DoS attacks. As for websockets, you may face a problem
where ModSecurity does not give you proper access to the traffic in question.

Checking standard HTTP headers should not be a problem, though, and writing a
few rules for the websocket use case seems feasible.

Ahoj,

Christian

On Thu, May 17, 2018 at 05:44:09PM +, Hiranmayi Palanki wrote:
> Hello Christian and Team,
> 
> I'm interested in the community's thoughts on having CRS rules or Custom 
> Rules for detecting attacks against WebSocket connections, specifically DoS 
> and Websocket header tampering.
> 
> Thanks.

> ___
> Owasp-modsecurity-core-rule-set mailing list
> Owasp-modsecurity-core-rule-set@lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-modsecurity-core-rule-set


-- 
https://www.feistyduck.com/training/modsecurity-training-course
https://www.feistyduck.com/books/modsecurity-handbook/
mailto:christian.fol...@netnea.com
twitter: @ChrFolini


[Owasp-modsecurity-core-rule-set] WebSocket CRS Rules

2018-05-17 Thread Hiranmayi Palanki
Hello Christian and Team,

I'm interested in the community's thoughts on having CRS rules or Custom Rules 
for detecting attacks against WebSocket connections, specifically DoS and 
Websocket header tampering.

Thanks.

