github_mirrors/ModSecurity
3
0
Fork 1
mirror of https://github.com/owasp-modsecurity/ModSecurity.git synced 2026-01-13 23:17:10 +03:00
Code Issues Packages Projects Releases Wiki Activity

MODSEC-182

Browse Source
This commit is contained in:
brenosilva
2010-11-29 14:07:35 +00:00
parent feddff25f4
commit d016abfefd
57 changed files with 191 additions and 191 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
doc/Makefile
View File

@@ -30,7 +30,7 @@ html-multipage/index.html: modsecurity2-apache-reference.xml
$(XALAN) -q -xsl html-chunked.xsl -in modsecurity2-apache-reference.xml -param base.dir html-multipage/; \
cp modsecurity-reference.css html-multipage/; \
cp modsecurity.gif html-multipage/; \
cp breach-logo-small.gif html-multipage/; \
cp trustwave-logo-small.gif html-multipage/; \
cp apache_request_cycle-modsecurity.jpg html-multipage/
index.html: main-index.html

BIN
doc/breach-logo-small.gif
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 2.3 KiB

4
doc/html-chunked.xsl
View File

@@ -9,11 +9,11 @@
<xsl:param name="html.stylesheet">modsecurity-reference.css</xsl:param>
<xsl:template name="user.header.navigation">
<div style="background:#F5F5F5;width:100%;border-top:1px solid #DDDDDD;border-bottom:1px solid #DDDDDD"><table cellpadding="0" cellspacing="0" width="100%"><tr><td><a href="http://www.modsecurity.org"><img border="0" alt="ModSecurity" height="36" width="120" src="modsecurity.gif" style="margin:4px"/></a></td><td align="right"><a href="http://www.breach.com"><img border="0" width="100" height="36" src="breach-logo-small.gif" style="margin:6px"/></a></td></tr></table></div>
<div style="background:#F5F5F5;width:100%;border-top:1px solid #DDDDDD;border-bottom:1px solid #DDDDDD"><table cellpadding="0" cellspacing="0" width="100%"><tr><td><a href="http://www.modsecurity.org"><img border="0" alt="ModSecurity" height="36" width="120" src="modsecurity.gif" style="margin:4px"/></a></td><td align="right"><a href="http://www.trustwave.com"><img border="0" width="100" height="36" src="trustwave-logo-small.gif" style="margin:6px"/></a></td></tr></table></div>
</xsl:template>
<xsl:template name="user.footer.navigation">
<div class="copyright" align="center">Copyright (C) 2004-2010 <a href="http://www.breach.com">Breach Security</a></div>
<div class="copyright" align="center">Copyright (C) 2004-2010 <a href="http://www.trustwave.com">Trustwave Holdings</a></div>
</xsl:template>
<xsl:template name="article.titlepage.separator">

4
doc/html.xsl
View File

@@ -5,11 +5,11 @@
<!--xsl:import href="/usr/share/xml/docbook/stylesheet/nwalsh/html/onechunk.xsl"/-->
<xsl:template name="user.header.navigation">
<div style="background:#F5F5F5;width:100%;border-top:1px solid #DDDDDD;border-bottom:1px solid #DDDDDD"><table cellpadding="0" cellspacing="0" width="100%"><tr><td><a href="http://www.modsecurity.org"><img border="0" alt="ModSecurity" height="36" width="120" src="modsecurity.gif" style="margin:4px"/></a></td><td align="right"><a href="http://www.breach.com"><img border="0" width="100" height="36" src="breach-logo-small.gif" style="margin:6px"/></a></td></tr></table></div>
<div style="background:#F5F5F5;width:100%;border-top:1px solid #DDDDDD;border-bottom:1px solid #DDDDDD"><table cellpadding="0" cellspacing="0" width="100%"><tr><td><a href="http://www.modsecurity.org"><img border="0" alt="ModSecurity" height="36" width="120" src="modsecurity.gif" style="margin:4px"/></a></td><td align="right"><a href="http://www.trustwave.com"><img border="0" width="100" height="36" src="trustwave-logo-small.gif" style="margin:6px"/></a></td></tr></table></div>
</xsl:template>
<xsl:template name="user.footer.navigation">
<div class="copyright" align="center">Copyright (C) 2004-2010 <a href="http://www.breach.com">Breach Security</a></div>
<div class="copyright" align="center">Copyright (C) 2004-2010 <a href="http://www.trustwave.com">Trustwave Holdings</a></div>
</xsl:template>
<xsl:template name="article.titlepage.separator">

4
doc/main-index.html
View File

@@ -8,7 +8,7 @@
<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF">
<div style="background:#F5F5F5;width:100%;border-top:1px solid #DDDDDD;border-bottom:1px solid #DDDDDD">
<table width="100%" cellspacing="0" cellpadding="0"><tr><td><a href="http://www.modsecurity.org"><img style="margin:4px" src="modsecurity.gif" width="120" height="36" alt="ModSecurity" border="0"></a></td><td align="right"><a
href="http://www.breach.com"><img style="margin:6px" src="breach-logo-small.gif"
href="http://www.trustwave.com"><img style="margin:6px" src="trustwave-logo-small.gif"
height="36" width="100" border="0"></a></td></tr></table>
</div>
@@ -29,7 +29,7 @@ height="36" width="100" border="0"></a></td></tr></table>
<hr size="1">
<div align="center" class="copyright">Copyright (C) 2004-2006 <a
href="http://www.breach.com">Breach Security</a></div>
href="http://www.trustwave.com">Trustwave Holdings</a></div>
</body>
</html>

2
doc/migration-matrix.html
View File

@@ -1,6 +1,6 @@
<html><head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
<title>ModSecurity Migration Matrix</title><link rel="stylesheet" href="html.css" type="text/css"><meta name="generator" content="DocBook XSL Stylesheets V1.70.1"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="article" lang="en"><div class="titlepage"><div><div><h2 class="title"><a name="d0e1"></a>ModSecurity Migration Matrix</h2></div><div><p class="releaseinfo">Version 1.0 / (April 10, 2007)</p></div><div><p class="copyright">Copyright &copy; 2004-2007 Breach Security, Inc. (<a href="http://www.breach.com" target="_top">http://www.breach.com</a>)</p></div></div><hr></div><div class="section" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="01-introduction"></a>Migration from 1.x to 2.x</h2></div></div></div><div class="section" lang="en"><div class="titlepage"></div><p>If you are already using an older version of ModSecurity and want to upgrade/migrate your existing custom rules, you will need to ensure that you properly translate all of your Directives to their corresponding 2.0 counterparts. Some directives have simply changed names, however some directives actually behave differently so it is important that you also review the entire 2.0 Reference Manual.
<title>ModSecurity Migration Matrix</title><link rel="stylesheet" href="html.css" type="text/css"><meta name="generator" content="DocBook XSL Stylesheets V1.70.1"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="article" lang="en"><div class="titlepage"><div><div><h2 class="title"><a name="d0e1"></a>ModSecurity Migration Matrix</h2></div><div><p class="releaseinfo">Version 1.0 / (April 10, 2007)</p></div><div><p class="copyright">Copyright &copy; 2004-2007 Trustwave Holdings, Inc. (<a href="http://www.trustwave.com" target="_top">http://www.trustwave.com</a>)</p></div></div><hr></div><div class="section" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="01-introduction"></a>Migration from 1.x to 2.x</h2></div></div></div><div class="section" lang="en"><div class="titlepage"></div><p>If you are already using an older version of ModSecurity and want to upgrade/migrate your existing custom rules, you will need to ensure that you properly translate all of your Directives to their corresponding 2.0 counterparts. Some directives have simply changed names, however some directives actually behave differently so it is important that you also review the entire 2.0 Reference Manual.
The migration matrix show below should help you to translate ModSecurity 1.X directives to the 2.0 values. There are also some notes that provide additional information is a directive significantly changed how it operates.
</p><table border="1" id="d0e21"><tr><td><span class="bold"><strong>Feature/Capability</strong></span></td><td><span class="bold"><strong>ModSecurity 1.x</strong></span></td><td><span class="bold"><strong>ModSecurity 2.x</strong></span></td><td><span class="bold"><strong>Notes</strong></span></td><td><span class="bold"><strong>How To Upgrade</strong></span></td></tr><tr><td><span class="bold"><strong>Apache Version Supported</strong></span></td><td>Apache 1.x/2.x</td><td>Apache 2.x Only</td><td>ModSecurity 2.0 will only work with Apache 2.x and not the older 1.3 version.</td><td>If you are mainly an Apache 1.3 shop and/or you have other web servers that you want to protect (such as IIS) an alternative solution is to deploy an Apache 2.x reverse proxy server and implement ModSecurity 2.x on it.</td></tr><tr><td><span class="bold"><strong>Installation</strong></span></td><td>Can be installed as either a DSO module or as a statically compiled module.</td><td>Can currently only be installed as a DSO module.</td><td>In 1.x, you could use apxs directly, while in 2.x you must use the provided Makefile.</td><td>If you can not use DSOs in your current Apache configs, you may look at implementing a front-end Apache reverse proxy server.</td></tr><tr><td><span class="bold"><strong>Configuration - IfModule</strong></span></td><td>Apache 1.x - &lt;IfModule mod_security.c&gt;

4
doc/migration-matrix.xml
View File

@@ -8,8 +8,8 @@
<copyright>
<year>2004-2010</year>
<holder>Breach Security, Inc. (<ulink
url="http://www.breach.com">http://www.breach.com</ulink>)</holder>
<holder>Trustwave Holdings, Inc. (<ulink
url="http://www.trustwave.com">http://www.trustwave.com</ulink>)</holder>
</copyright>
</articleinfo>

18
doc/modsecurity2-apache-reference.xml
View File

@@ -11,8 +11,8 @@
<copyright>
<year>2004-2010</year>
<holder>Breach Security, Inc. (<ulink
url="http://www.breach.com">http://www.breach.com</ulink>)</holder>
<holder>Trustwave Holdings, Inc. (<ulink
url="http://www.trustwave.com">http://www.trustwave.com</ulink>)</holder>
</copyright>
</articleinfo>
@@ -180,12 +180,12 @@
version 2 (licence text is included with the distribution), as an Open
Source / Free Software product. A range of commercial licenses is also
available, together with a range of commercial support contracts. For
more information on commercial licensing please contact Breach
more information on commercial licensing please contact Trustwave Holdings
Security.</para>
<note>
<para>ModSecurity, mod_security, ModSecurity Pro, and ModSecurity Core
Rules are trademarks or registered trademarks of Breach Security,
Rules are trademarks or registered trademarks of Trustwave Holdings,
Inc.</para>
</note>
</section>
@@ -200,7 +200,7 @@
<para>ModSecurity is a web application firewall engine that provides
very little protection on its own. In order to become useful,
ModSecurity must be configured with rules. In order to enable users to
take full advantage of ModSecurity out of the box, Breach Security, Inc.
take full advantage of ModSecurity out of the box, Trustwave Holdings, Inc.
is providing a free certified rule set for ModSecurity 2.x. Unlike
intrusion detection and prevention systems, which rely on signatures
specific to known vulnerabilities, the Core Rules provide generic
@@ -523,7 +523,7 @@ LoadFile /usr/lib/liblua5.1.so</programlisting></para>
themselves but rather place all changes (such as
<literal>SecRuleRemoveByID</literal>, etc...) in your custom rules file.
This will allow for easier upgrading as newer Core rules are released by
Breach Security on the ModSecurity website.</para>
Trustwave Holdings on the ModSecurity website.</para>
</note>
<section>
@@ -1488,7 +1488,7 @@ SecMarker 99</emphasis></programlisting></para>
<para><emphasis>Scope:</emphasis> Global</para>
<para><emphasis>Version:</emphasis> 2.5.12</para>
<para><emphasis>Version:</emphasis> 2.5.13</para>
<para><emphasis>Dependencies/Notes:</emphasis> Default is set at compile
(1500 by default). See also
@@ -1531,7 +1531,7 @@ SecRule TX:/^MSC_/ "!@eq 0" "phase:5,pass,log,auditlog,msg:'Potential REDoS'"</p
<para><emphasis>Scope:</emphasis> Global</para>
<para><emphasis>Version:</emphasis> 2.5.12</para>
<para><emphasis>Version:</emphasis> 2.5.13</para>
<para><emphasis>Dependencies/Notes:</emphasis> Default is set at compile
(1500 by default). See also <literal>SecPcreMatchLimit</literal></para>
@@ -2582,7 +2582,7 @@ SecRuleUpdateActionById 12345 "t:compressWhitespace,deny,status:403,msg:'A new m
<para><emphasis>Scope:</emphasis> Any</para>
<para><emphasis>Version:</emphasis> 2.5.12</para>
<para><emphasis>Version:</emphasis> 2.5.13</para>
<para><emphasis>Dependencies/Notes:</emphasis> The default is set to 100
files, but you are encouraged to reduce this value. Any file over the

4
doc/modsecurity2-data-formats.xml
View File

@@ -7,8 +7,8 @@
<releaseinfo>Version 2.5.10-dev1 (March 24, 2009)</releaseinfo>
<copyright>
<year>2004-2010</year>
<holder>Breach Security, Inc. (<ulink url="http://www.breach.com"
>http://www.breach.com</ulink>)</holder>
<holder>Trustwave Holdings, Inc. (<ulink url="http://www.trustwave.com"
>http://www.trustwave.com</ulink>)</holder>
</copyright>
</articleinfo>
<para>The purpose of this document is to describe the formats of the ModSecurity alert messages,

BIN
doc/trustwave-logo-small.gif Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 4.5 KiB