ModSecurity – Using Lua scripts with ModSecurity

Published on Author gryzliLeave a comment

If you decide to use ModSecurity ‘s support of  Lua, here you can find some usefull tips to consider. Short story … At the time of writing this article, the current ModSecurity version is 2.9.0, which provides plenty of functionalities. However if you want to go deep into web application filtering or maybe you need to… Continue reading ModSecurity – Using Lua scripts with ModSecurity

ModSecurity (WAF) – File upload is extremely slow

Published on Author gryzliLeave a comment

Is your file upload extremely slow after activating ModSecurity or some rule ? If you happen to experience extremely slow file uploads after activating some ModSecurity rules, there is one thing you should definetely check.   Recently I was trying to use the following directive: SecStreamInBodyInspection On   in order to give me access to… Continue reading ModSecurity (WAF) – File upload is extremely slow

ModSecurity (WAF) – Pitfalls during security rule development

Published on Author gryzliLeave a comment

ModSecurity rule development … pitfalls ! Recently I’m more and more involved in development of web application firewall (waf)  rules, for blocking diverse attack vectors and protecting web applications. In the course of rule writing, there were some little faults, which caused me to loose tens of hours for debugging, testing and deep duck into… Continue reading ModSecurity (WAF) – Pitfalls during security rule development

ModSecurity (WAF) 2.9.0 parsing and matching upon text/xml request bodies

Published on Author gryzliLeave a comment

Using ModSecurity for filtering application level requests is great. Let suggest you have been successfully using ModSecurity for filtering, attack detection/prevention and all kind of weird stuff.   Then you suddenly come to the moment, when you need to parse TEXT/XML  request bodies….well here comes the HELL.   In order to make anything clear I… Continue reading ModSecurity (WAF) 2.9.0 parsing and matching upon text/xml request bodies

ModSecurity (WAF) – Parsing the response body or what you need to know about it

Published on Author gryzliLeave a comment

Sooner or later, people decide that they need to parse response body in order to detect or prevent some malicious activity. Web application firewalls are useful for exactly the same goal. Whenever it comes to WAF, Mod security is the DIY tool for many people. It has nice integration for parsing response body, but there… Continue reading ModSecurity (WAF) – Parsing the response body or what you need to know about it