ModSecurity for Apache 2.x, http://www.modsecurity.org/
Copyright (c) 2004-2013 Trustwave Holdings, Inc. (http://www.trustwave.com/)

You may not use this file except in compliance with
the License.  You may obtain a copy of the License at

    http://www.apache.org/licenses/LICENSE-2.0

If any of the files related to licensing are missing or if you have any
other questions related to licensing please contact Trustwave Holdings, Inc.
directly using the email address security@modsecurity.org.


DOCUMENTATION

Please refer to the documentation folder (/doc) for
the reference manual.


##############################################
----------------------------------
OWASP ModSecurity Core Rule Set (CRS)


Project Site:
https://www.owasp.org/index.php/Category:OWASP_ModSecurity_Core_Rule_Set_Project


Download:
https://github.com/SpiderLabs/owasp-modsecurity-crs

----------------------------------

ModSecurity™ is a web application firewall engine that provides very
little protection on its own. In order to become useful, ModSecurity™ must
be configured with rules. In order to enable users to take full advantage
of ModSecurity™ out of the box, Trustwave's SpiderLabs is providing a free
certified rule set for ModSecurity™ 2.x. Unlike intrusion detection and
prevention systems, which rely on signatures specific to known
vulnerabilities, the Core Rules provide generic protection from unknown
vulnerabilities often found in web applications, which are in most cases
custom coded. The Core Rules are heavily commented to allow them to be used
as a step-by-step deployment guide for ModSecurity™.

Core Rules Content

In order to provide generic web application protection, the Core Rules
use the following techniques:

* HTTP Protection - detecting violations of the HTTP protocol and a
locally defined usage policy.
* Real-time Blacklist Lookups - utilizes 3rd Party IP Reputation.
* Web-based Malware Detection - identifies malicious web content by checking
against the Google Safe Browsing API.
* HTTP Denial of Service Protections - defense against HTTP Flooding and
Slow HTTP DoS Attacks.
* Common Web Attacks Protection - detecting common web application
security attacks.
* Automation Detection - Detecting bots, crawlers, scanners and other
surface malicious activity.
* Integration with AV Scanning for File Uploads - detects malicious files
uploaded through the web application.
* Tracking Sensitive Data - Tracks Credit Card usage and blocks leakages.
* Trojan Protection - Detecting access to Trojan horses.
* Identification of Application Defects - alerts on application
misconfigurations.
* Error Detection and Hiding - Disguising error messages sent by the
server.


----------------------------------
ModSecurity Rules from Trustwave SpiderLabs

Project Site:
https://www.trustwave.com/modsecurity-rules-support.php

Download:
https://ssl.trustwave.com/web-application-firewall

----------------------------------

Trustwave now provides a commercial certified rule set for ModSecurity 2.x
that protects against known attacks that target vulnerabilities in public
software and is based on intelligence gathered from real-world
investigations, honeypot data and research.

1. More than 16,000 specific rules, broken out into the following attack
categories:
 * SQL injection
 * Cross-site Scripting (XSS)
 * Local File Include
 * Remote File Include

2. User option for application-specific rules, covering the same
vulnerability classes for applications such as:
 * WordPress
 * cPanel
 * osCommerce
 * Joomla
 * For a complete listing of application coverage, please refer to this
link (which is updated daily).
https://modsecurity.org/application_coverage.html

3. Complements and integrates with the OWASP Core Rule Set
4. IP Reputation capabilities which provide protection against malicious
clients identified by the Trustwave SpiderLabs Distributed Web Honeypots
5. Malware Detection capabilities which prevent your web site from
distributing malicious code to clients.
##############################################