From: Ryan Barnett <RBarnett <at> trustwave.com>
Subject: CloudFlare vs Incapsula vs ModSecurity
Newsgroups: gmane.comp.apache.mod-security.user
Date: Wednesday 27th February 2013 22:07:37 UTC (over 5 years ago)
An interesting WAF eval report -
http://zeroscience.mk/files/wafreport2013.pdf

ModSecurity has the best false negative rate :)

I have just updated the GitHub repo with fixes for the 2 LFI/RFI bypasses -
https://github.com/SpiderLabs/owasp-modsecurity-crs/commit/7ff865deab72b0993824ce4ef53189745a4dd1a3

Note that for the LFI issue I applied the t:cmdLine transformation function -
https://github.com/SpiderLabs/ModSecurity/wiki/Reference-Manual#wiki-cmdLine

Thanks to Marc Stern for that contribution!

LFI Bypass fixed -
http://www.modsecurity.org/demo/phpids?test=cat%20\/etc\/passwd

RFI Bypass fixed -
http://www.modsecurity.org/demo/phpids?test=http://dni.destr0y.net/x.txt


--
Ryan Barnett


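The post says the LFI bypass was closed by adding t:cmdLine to the rule's transformation chain, which is worth seeing concretely: the evasion works because a backslash before each slash keeps a literal `/etc/passwd` pattern from matching, and cmdLine strips those backslashes (and quotes, carets and stray whitespace) before the operator runs. The following is an added example, not code from the post, the CRS or ModSecurity itself; it is a small Python reimplementation of the cmdLine normalisation steps as documented in the Reference Manual page linked above (delete `\`, `"`, `'` and `^`; turn commas, semicolons and runs of whitespace into a single space; drop that space when it precedes `/` or `(`; lowercase), applied to the demo payload from the post and to a constructed variant. The `LFI_PATTERN` regex and `matches_lfi` helper are assumptions standing in for a real CRS rule, not the rule's actual expression.

```python
import re
from urllib.parse import unquote

def cmd_line(value: str) -> str:
    """Normalise input the way ModSecurity's t:cmdLine transformation is documented to.

    Reimplemented here from the Reference Manual description; not the C original.
    """
    out = []
    space = False                     # True while the last emitted char is a collapsed space
    for ch in value:
        if ch in '"\'\\^':
            continue                  # double quote, single quote, backslash, caret: deleted
        if ch in ' ,;\t\r\n':
            if not space:             # commas, semicolons and whitespace runs become one space
                out.append(' ')
                space = True
            continue
        if ch in '/(':
            if space:
                out.pop()             # a space directly before "/" or "(" is removed
            space = False
            out.append(ch)
            continue
        out.append(ch.lower())        # everything else is copied lowercased
        space = False
    return ''.join(out)

# Stand-in for a CRS LFI signature; assumption, not the project's actual rule.
LFI_PATTERN = re.compile(r"/etc/passwd")

def matches_lfi(raw_param: str, normalise: bool) -> bool:
    """Return True if the (URL-decoded) parameter matches LFI_PATTERN.

    With normalise=False this mirrors a chain that only URL-decodes; with
    normalise=True it mirrors the fixed chain, which also applies t:cmdLine.
    """
    value = unquote(raw_param)
    if normalise:
        value = cmd_line(value)
    return LFI_PATTERN.search(value) is not None

# Constructed sample values: the demo payload quoted in the post and one variant
# showing the other characters cmdLine is documented to strip.
SAMPLES = [
    r"cat%20\/etc\/passwd",          # the LFI bypass from the post (URL-encoded space)
    "c\"a\"t,/E^tc/pa'ss'wd",        # constructed: quotes, caret, comma instead of space
    "cat%20/etc/passwd",             # plain request, should match either way
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(f"{sample!r:32} normalised={cmd_line(unquote(sample))!r:20} "
              f"match_without_cmdLine={matches_lfi(sample, False)} "
              f"match_with_cmdLine={matches_lfi(sample, True)}")
```

Running it shows the post's payload failing the plain pattern but collapsing to `cat/etc/passwd` once cmdLine is applied, which is exactly why the fix was a transformation rather than a longer regular expression: the rule keeps matching the canonical form while the transformation absorbs the obfuscation.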