    Chaim Sanders
    @csanders-git
    Welcome to the OWASP Core Rule Set twitter
    *gitter
    Robert
    @p0pr0ck5
    hello world!
    Victor Hora
    @victorhora
    hello :)
    Chaim Sanders
    @csanders-git
    hey @p0pr0ck5 welcome back to the world of the living :)
    Robert
    @p0pr0ck5
    :D
    Robert
    @p0pr0ck5
    @csanders-git heya, what's the numeric relationship for human-readable phase representations? i assume request phase is analogous to phase 2. is response phase 4, given that it seems to expect the body? any human-readable words for phases 1 and 3?
    we'd like to support this in lua-resty-waf (matter of fact, on my plate now is integrating CRS directly into the project for out-of-the-box support)
    Chaim Sanders
    @csanders-git
    @p0pr0ck5 nope, just those two .... AWESOME, we're always happy to help make sure CRS works on any WAF that is looking to have its support :)
    Robert
    @p0pr0ck5
    bueno. will keep y'all updated
    FP reduction is a big draw for us to the CRS. only roadblock at this point is target exclusions
    (and then response body handling, but that's another kettle of fish ;) )
    i gotta rtfm :|
    Chaim Sanders
    @csanders-git
    oh jeez i forgot about logging too
    it's not used in CRS though
    Robert
    @p0pr0ck5
    is there a test suite for new CRS rules? e.g. a set of requests/responses that are known to trigger rules so we can check for correctness in other projects?
    Chaim Sanders
    @csanders-git
    yes
    Robert
    @p0pr0ck5
    awwwww yeah
    great, ty
    Chaim Sanders
    @csanders-git
    it's not totally in the best state but i've been working on it
    so if you find issues open PRs
    Robert
    @p0pr0ck5
    :thumbsup:
    it's a good starting point
    Chaim Sanders
    @csanders-git
    that's the point
    Robert
    @p0pr0ck5
    some of the more meta modsec elements might not have the best translation
    so we're likely to find a lot of bugs in our engine
    this'll help
    Chaim Sanders
    @csanders-git
    :-D
    Robert
    @p0pr0ck5
    man, src does some reeeeealy handwavy things sometimes. 920450 is quite the impressive manipulation ;)
    Chaim Sanders
    @csanders-git
    @p0pr0ck5 src? but yeah there are some real annoyances to using @within in the way we had to use it
    Robert
    @p0pr0ck5
    src == crs. man i can't type today :|
    oh, hey, while you're here, can you help me understand how ctl:forceRequestBodyVariable is useful in 920420? https://github.com/SpiderLabs/owasp-modsecurity-crs/blob/v3.0/master/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf#L1001
    found a 6 year old changelog entry about it referencing evasion, but I'm having trouble understanding how it's useful
    Chaim Sanders
    @csanders-git
    I asked Ryan the same question, it isn't clear how this actually avoids any issue in the rule it's used in.
    Michael Birnholz
    @mbtoldya
    Howdy folks. I am a newb, who just tried installing v2.92 on a Win 2012 server. It failed, and I tried to remove it and it can't be removed. Is there a way to just force a later version on top of the old one?