ModSecurity for Apache 2.x, http://www.modsecurity.org/
Copyright (c) 2004-2013 Trustwave Holdings, Inc. (http://www.trustwave.com/)

You may not use this file except in compliance with
the License.  You may obtain a copy of the License at

    http://www.apache.org/licenses/LICENSE-2.0

If any of the files related to licensing are missing or if you have any
other questions related to licensing please contact Trustwave Holdings, Inc.
directly using the email address security@modsecurity.org.


DOCUMENTATION

Please refer to the documentation folder (/doc) for
the reference manual.

##############################################
----------------------------------
OWASP ModSecurity Core Rule Set (CRS)

Project Site:
https://www.owasp.org/index.php/Category:OWASP_ModSecurity_Core_Rule_Set_Project

Download:
https://github.com/SpiderLabs/owasp-modsecurity-crs

----------------------------------

ModSecurity™ is a web application firewall engine that provides very
little protection on its own. In order to become useful, ModSecurity™ must
be configured with rules. In order to enable users to take full advantage
of ModSecurity™ out of the box, Trustwave's SpiderLabs is providing a free
certified rule set for ModSecurity™ 2.x. Unlike intrusion detection and
prevention systems, which rely on signatures specific to known
vulnerabilities, the Core Rules provide generic protection from unknown
vulnerabilities often found in web applications, which are in most cases
custom coded. The Core Rules are heavily commented to allow them to be used
as a step-by-step deployment guide for ModSecurity™.

Core Rules Content

In order to provide generic web application protection, the Core Rules
use the following techniques:

* HTTP Protection - detecting violations of the HTTP protocol and a
  locally defined usage policy.
* Real-time Blacklist Lookups - utilizes 3rd Party IP Reputation
* Web-based Malware Detection - identifies malicious web content by checking
  against the Google Safe Browsing API.
* HTTP Denial of Service Protections - defense against HTTP Flooding and
  Slow HTTP DoS Attacks.
* Common Web Attacks Protection - detecting common web application
  security attacks.
* Automation Detection - Detecting bots, crawlers, scanners and other
  surface malicious activity.
* Integration with AV Scanning for File Uploads - detects malicious files
  uploaded through the web application.
* Tracking Sensitive Data - Tracks Credit Card usage and blocks leakages.
* Trojan Protection - Detecting access to Trojan horses.
* Identification of Application Defects - alerts on application
  misconfigurations.
* Error Detection and Hiding - Disguising error messages sent by the
  server.

----------------------------------
ModSecurity Rules from Trustwave SpiderLabs

Project Site:
https://www.trustwave.com/modsecurity-rules-support.php

Download:
https://ssl.trustwave.com/web-application-firewall

----------------------------------

Trustwave now provides a commercial certified rule set for ModSecurity 2.x
that protects against known attacks that target vulnerabilities in public
software and is based on intelligence gathered from real-world
investigations, honeypot data and research.

1. More than 16,000 specific rules, broken out into the following attack
   categories:
 * SQL injection
 * Cross-site Scripting (XSS)
 * Local File Include
 * Remote File Include

2. User option for application specific rules, covering the same
   vulnerability classes for applications such as:
 * WordPress
 * cPanel
 * osCommerce
 * Joomla
 * For a complete listing of application coverage, please refer to this
   link (which is updated daily).
   https://modsecurity.org/application_coverage.html

3. Complements and integrates with the OWASP Core Rule Set
4. IP Reputation capabilities which provide protection against malicious
   clients identified by the Trustwave SpiderLabs Distributed Web Honeypots
5. Malware Detection capabilities which prevent your web site from
   distributing malicious code to clients.
##############################################