mirror of
https://github.com/owasp-modsecurity/ModSecurity.git
synced 2026-01-10 02:04:36 +03:00
Clarified that we are a GPLv2-only project.
This commit is contained in:
ivanr
@@ -167,12 +167,11 @@
|
|||||||
|
|
||||||
<para>ModSecurity is available under two licenses. Users can choose to
|
<para>ModSecurity is available under two licenses. Users can choose to
|
||||||
use the software under the terms of the GNU General Public License
|
use the software under the terms of the GNU General Public License
|
||||||
(<ulink
|
version 2 (licence text is included with the distribution),as an Open
|
||||||
url="http://www.gnu.org/licenses/gpl.html">http://www.gnu.org/licenses/gpl.html</ulink>),as
|
Source / Free Software product. A range of commercial licenses is also
|
||||||
an Open Source / Free Software product. A range of commercial licenses
|
available, together with a range of commercial support contracts. For
|
||||||
is also available, together with a range of commercial support
|
more information on commercial licensing please contact Breach
|
||||||
contracts. For more information on commercial licensing please contact
|
Security.</para>
|
||||||
Breach Security.</para>
|
|
||||||
|
|
||||||
<note>
|
<note>
|
||||||
<para>ModSecurity, mod_security, and ModSecurity Pro are trademarks or
|
<para>ModSecurity, mod_security, and ModSecurity Pro are trademarks or
|
||||||
@@ -1037,12 +1036,13 @@ SecAuditLogStorageDir logs/audit
|
|||||||
<para>Development of a state of the art external protection tool will be
|
<para>Development of a state of the art external protection tool will be
|
||||||
a focus of subsequent ModSecurity releases. However, a fully functional
|
a focus of subsequent ModSecurity releases. However, a fully functional
|
||||||
tool is already available as part of the Apache httpd tools project
|
tool is already available as part of the Apache httpd tools project
|
||||||
(<link linkend="http://www.apachesecurity.net/tools/">http://www.apachesecurity.net/tools/</link>). The
|
(<link
|
||||||
tool is called httpd-guardian and can be used to defend against Denial
|
linkend="http://www.apachesecurity.net/tools/">http://www.apachesecurity.net/tools/</link>).
|
||||||
of Service attacks. It uses the blacklist tool (from the same project)
|
The tool is called httpd-guardian and can be used to defend against
|
||||||
to interact with an iptables-based (Linux) or pf-based (*BSD) firewall,
|
Denial of Service attacks. It uses the blacklist tool (from the same
|
||||||
dynamically blacklisting the offending IP addresses. It can also
|
project) to interact with an iptables-based (Linux) or pf-based (*BSD)
|
||||||
interact with SnortSam (http://www.snortsam.net). Assuming
|
firewall, dynamically blacklisting the offending IP addresses. It can
|
||||||
|
also interact with SnortSam (http://www.snortsam.net). Assuming
|
||||||
httpd-guardian is already configured (look into the source code for the
|
httpd-guardian is already configured (look into the source code for the
|
||||||
detailed instructions) you only need to add one line to your Apache
|
detailed instructions) you only need to add one line to your Apache
|
||||||
configuration to deploy it:</para>
|
configuration to deploy it:</para>
|
||||||
@@ -1878,10 +1878,12 @@ SecRule HTTP_Host "!^$" "deny,<emphasis role="bold">phase:1</emphasis>"</program
|
|||||||
expression in the selection operator itself. The following rule will
|
expression in the selection operator itself. The following rule will
|
||||||
look into all arguments whose names begin with <literal
|
look into all arguments whose names begin with <literal
|
||||||
moreinfo="none">id_</literal>: <programlisting format="linespecific">SecRule ARGS:/^id_/ dirty</programlisting></para>
|
moreinfo="none">id_</literal>: <programlisting format="linespecific">SecRule ARGS:/^id_/ dirty</programlisting></para>
|
||||||
|
|
||||||
<note><para>In ModSecurity 1.X, the <literal>ARGS</literal> variable stood
|
<note>
|
||||||
for <literal>QUERY_STRING</literal> + <literal>POST_PAYLOAD</literal>,
|
<para>In ModSecurity 1.X, the <literal>ARGS</literal> variable stood
|
||||||
whereas now it expands to to individual variables.</para></note>
|
for <literal>QUERY_STRING</literal> + <literal>POST_PAYLOAD</literal>,
|
||||||
|
whereas now it expands to to individual variables.</para>
|
||||||
|
</note>
|
||||||
</section>
|
</section>
|
||||||
|
|
||||||
<section>
|
<section>
|
||||||
@@ -4030,7 +4032,7 @@ SecRule XML:/soap:Envelope/soap:Body/q1:getInput/id() "123" phase:2,deny</progra
|
|||||||
<literal moreinfo="none">PCRE_DOLLAR_ENDONLY</literal> flags are set
|
<literal moreinfo="none">PCRE_DOLLAR_ENDONLY</literal> flags are set
|
||||||
during compilation, meaning a single dot will match any character,
|
during compilation, meaning a single dot will match any character,
|
||||||
including the newlines and a <literal moreinfo="none">$</literal>
|
including the newlines and a <literal moreinfo="none">$</literal>
|
||||||
end anchor will not match a trailing newline charater.</para>
|
end anchor will not match a trailing newline charater.</para>
|
||||||
</listitem>
|
</listitem>
|
||||||
</orderedlist>
|
</orderedlist>
|
||||||
</section>
|
</section>
|
||||||
@@ -4173,4 +4175,4 @@ SecRule XML "<emphasis role="bold">@validateSchema /path/to/apache2/conf/xml.xsd
|
|||||||
</itemizedlist>
|
</itemizedlist>
|
||||||
</section>
|
</section>
|
||||||
</section>
|
</section>
|
||||||
</article>
|
</article>
|
||||||
Reference in New Issue
Block a user