ModSecurity for Apache 2.x, http://www.modsecurity.org/
Copyright (c) 2004-2013 Trustwave Holdings, Inc. (http://www.trustwave.com/)

You may not use this file except in compliance with
the License. You may obtain a copy of the License at

    http://www.apache.org/licenses/LICENSE-2.0

If any of the files related to licensing are missing or if you have any
other questions related to licensing please contact Trustwave Holdings, Inc.
directly using the email address security@modsecurity.org.

384592 |
DOCUMENTATION
|
|
Packit Service |
384592 |
|
|
Packit Service |
384592 |
Please refer to the documentation folder (/doc) for
|
|
Packit Service |
384592 |
the reference manual.
|
|
Packit Service |
384592 |
|
|
Packit Service |
384592 |
|
|
Packit Service |
384592 |
##############################################
----------------------------------
OWASP ModSecurity Core Rule Set (CRS)

Project Site:
https://www.owasp.org/index.php/Category:OWASP_ModSecurity_Core_Rule_Set_Project

Download:
https://github.com/SpiderLabs/owasp-modsecurity-crs
----------------------------------

384592 |
ModSecurity™ is a web application firewall engine that provides very
|
|
Packit Service |
384592 |
little protection on its own. In order to become useful, ModSecurity™ must
|
|
Packit Service |
384592 |
be configured with rules. In order to enable users to take full advantage
|
|
Packit Service |
384592 |
of ModSecurity™ out of the box, Trustwave's SpiderLabs is providing a free
|
|
Packit Service |
384592 |
certified rule set for ModSecurity™ 2.x. Unlike intrusion detection and
|
|
Packit Service |
384592 |
prevention systems, which rely on signatures specific to known
|
|
Packit Service |
384592 |
vulnerabilities, the Core Rules provide generic protection from unknown
|
|
Packit Service |
384592 |
vulnerabilities often found in web applications, which are in most cases
|
|
Packit Service |
384592 |
custom coded. The Core Rules are heavily commented to allow it to be used
|
|
Packit Service |
384592 |
as a step-by-step deployment guide for ModSecurity™.
|
|
Packit Service |
384592 |
Core Rules Content
|
|
Packit Service |
384592 |
|
|
Packit Service |
384592 |
In order to provide generic web applications protection, the Core Rules
|
|
Packit Service |
384592 |
use the following techniques:
|
|
Packit Service |
384592 |
|
|
Packit Service |
384592 |
* HTTP Protection - detecting violations of the HTTP protocol and a
|
|
Packit Service |
384592 |
locally defined usage policy.
|
|
Packit Service |
384592 |
* Real-time Blacklist Lookups - utilizes 3rd Party IP Reputation
|
|
Packit Service |
384592 |
* Web-based Malware Detection - identifies malicious web content by check
|
|
Packit Service |
384592 |
against the Google Safe Browsing API.
|
|
Packit Service |
384592 |
* HTTP Denial of Service Protections - defense against HTTP Flooding and
|
|
Packit Service |
384592 |
Slow HTTP DoS Attacks.
|
|
Packit Service |
384592 |
* Common Web Attacks Protection - detecting common web application
|
|
Packit Service |
384592 |
security attack.
|
|
Packit Service |
384592 |
* Automation Detection - Detecting bots, crawlers, scanners and other
|
|
Packit Service |
384592 |
surface malicious activity.
|
|
Packit Service |
384592 |
* Integration with AV Scanning for File Uploads - detects malicious files
|
|
Packit Service |
384592 |
uploaded through the web application.
|
|
Packit Service |
384592 |
* Tracking Sensitive Data - Tracks Credit Card usage and blocks leakages.
|
|
Packit Service |
384592 |
* Trojan Protection - Detecting access to Trojans horses.
|
|
Packit Service |
384592 |
* Identification of Application Defects - alerts on application
|
|
Packit Service |
384592 |
misconfigurations.
|
|
Packit Service |
384592 |
* Error Detection and Hiding - Disguising error messages sent by the
|
|
Packit Service |
384592 |
server.
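The list above describes what rules can do, but the engine itself ships with none of them active. The following Apache 2.x configuration is an added example, not code from this README, from ModSecurity or from the CRS project: it enables the engine, pulls in the Core Rules for generic protection, and then adds three local rules that show the "HTTP Protection", "Tracking Sensitive Data" and "HTTP Denial of Service Protections" techniques in ModSecurity 2.x rule syntax. The file paths, the CRS install location, the rule IDs 900001-900004 and the 120-requests-per-minute threshold are assumptions chosen for illustration.

```apache
# Added example (not part of the ModSecurity README or the CRS).
# Paths, rule IDs 900001-900004 and the flood threshold are assumptions.

<IfModule security2_module>
    # "On" blocks; use "DetectionOnly" while tuning so that false positives
    # are logged instead of denied.
    SecRuleEngine On

    # Without body access the engine never inspects POST parameters or
    # response content, so injection and data-leakage rules cannot fire.
    SecRequestBodyAccess On
    SecResponseBodyAccess On
    SecResponseBodyMimeType text/plain text/html text/xml
    SecResponseBodyLimit 524288

    # Persistent collections live here (needed for the ip.* counters below);
    # the directory must be writable by the Apache user.
    SecDataDir /var/cache/modsecurity

    # Audit log only the transactions that triggered a rule or errored.
    SecAuditEngine RelevantOnly
    SecAuditLogRelevantStatus "^(?:5|4(?!04))"
    SecAuditLog /var/log/apache2/modsec_audit.log

    # Generic protection comes from the Core Rule Set, not from the engine.
    # Assumed install location of a CRS 2.x checkout.
    Include /etc/modsecurity/crs/modsecurity_crs_10_setup.conf
    Include /etc/modsecurity/crs/base_rules/*.conf

    # --- HTTP Protection: a locally defined usage policy ---
    # The application only needs GET, HEAD and POST; everything else is
    # rejected in phase 1 (request headers) before any body is read.
    SecRule REQUEST_METHOD "!^(?:GET|HEAD|POST)$" \
        "id:900001, \
        phase:1, \
        t:none, \
        deny, \
        status:405, \
        log, \
        msg:'Request method not allowed by local policy'"

    # --- Tracking Sensitive Data: stop card numbers leaving the server ---
    # @verifyCC runs a Luhn check on every regex match, so a random 16-digit
    # number (order ID, timestamp) does not trip the rule. Phase 4 is the
    # response body phase and requires SecResponseBodyAccess On above.
    SecRule RESPONSE_BODY "@verifyCC \d{13,16}" \
        "id:900002, \
        phase:4, \
        t:none, \
        deny, \
        status:403, \
        log, \
        msg:'Credit card number detected in response body'"

    # --- HTTP DoS Protections: a simple per-client flood counter ---
    # Every request increments ip.req_count; the variable expires 60 seconds
    # after it was last set, so the counter measures requests per minute.
    SecAction \
        "id:900003, \
        phase:1, \
        t:none, \
        nolog, \
        pass, \
        initcol:ip=%{REMOTE_ADDR}, \
        setvar:ip.req_count=+1, \
        expirevar:ip.req_count=60"

    # Once a client exceeds the (assumed) threshold, deny further requests
    # until the counter expires.
    SecRule IP:REQ_COUNT "@gt 120" \
        "id:900004, \
        phase:1, \
        t:none, \
        deny, \
        status:403, \
        log, \
        msg:'More than 120 requests in 60 seconds from %{REMOTE_ADDR}'"
</IfModule>
```

Rule 900003 uses SecAction rather than SecRule because it must run unconditionally; the denial lives in the separate rule 900004 so the counter keeps incrementing even for blocked requests. Expect the card-number rule to cost response-body buffering on every matching MIME type, which is why the body limit and the MIME list are kept narrow.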

----------------------------------
ModSecurity Rules from Trustwave SpiderLabs

Project Site:
https://www.trustwave.com/modsecurity-rules-support.php

Download:
https://ssl.trustwave.com/web-application-firewall
----------------------------------

Trustwave now provides a commercial certified rule set for ModSecurity 2.x
that protects against known attacks that target vulnerabilities in public
software and is based on intelligence gathered from real-world
investigations, honeypot data and research.

1. More than 16,000 specific rules, broken out into the following attack
   categories:
   * SQL injection
   * Cross-site Scripting (XSS)
   * Local File Include
   * Remote File Include

2. Optional application-specific rules, covering the same
   vulnerability classes for applications such as:
   * WordPress
   * cPanel
   * osCommerce
   * Joomla
   * For a complete listing of application coverage, please refer to this
     link (which is updated daily):
     https://modsecurity.org/application_coverage.html

3. Complements and integrates with the OWASP Core Rule Set
4. IP Reputation capabilities which provide protection against malicious
   clients identified by the Trustwave SpiderLabs Distributed Web Honeypots
5. Malware Detection capabilities which prevent your web site from
   distributing malicious code to clients.
##############################################