Updated Reference Manual (mediawiki)

Felipe Zimmerle
2013-12-16 07:37:07 -08:00
parent 463d0d4982
commit 2dc4835337

@@ -582,7 +582,7 @@ This directive should be used to make the presence of significant rule sets know
'''Scope:''' Any
'''Version:''' 2.7.6
'''Version:''' 2.8.0
Analog to SecRuleEngine, the possible values are:
*'''On''': process rules, quietly.
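Review bot: The Version field changes from 2.7.6 to 2.8.0 here, but the commit message ("Updated Reference Manual (mediawiki)") gives no reason for it. One added line saying whether the feature was retargeted to the 2.8.0 release would let someone reading the history distinguish a correction from a typo. While this section is being touched, "Analog to SecRuleEngine" in the context line would read better as "Analogous to SecRuleEngine".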
@@ -1001,11 +1001,11 @@ The only reason you would want to change the name of the token is if you wanted
'''Scope''': Main
'''Version''': 2.5.13, DEPRECATED as of v2.7.6.
'''Version''': 2.5.13, DEPRECATED as of v2.8.0.
'''Default:''' 0 (no limit)
For v2.7.6 or newest refer to SecConnReadStateLimit.
For v2.8.0 or newest refer to SecConnReadStateLimit.
== SecConnReadStateLimit ==
'''Description:''' Establishes a per-IP address limit of how many connections are allowed to be in SERVER_BUSY_READ state.
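Review bot: In the rewritten line "For v2.8.0 or newest refer to SecConnReadStateLimit." the word "newest" should be "newer", and the sentence would be clearer as "For v2.8.0 or newer, use SecConnReadStateLimit instead." Since the line is being edited anyway, it would also help to say what happens when the deprecated directive is still present in a configuration on v2.8.0; the visible text only points to the replacement.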
@@ -1016,11 +1016,11 @@ For v2.7.6 or newest refer to SecConnReadStateLimit.
'''Scope''': Main
'''Version''': v2.7.6
'''Version''': v2.8.0
'''Default:''' 0 (no limit)
This measure is effective against Slowloris-style attacks from a single IP address, but it may not be as good against modified attacks that work by slowly sending request body content. This is because Apache to switches state to SERVER_BUSY_WRITE once request headers have been read. As an alternative, consider mod_reqtimeout (part of Apache as of 2.2.15), which is expected be effective against both attack types. See Blog post on mitigating slow DoS attacks - http://blog.spiderlabs.com/2010/11/advanced-topic-of-the-week-mitigating-slow-http-dos-attacks.html. v2.7.6 and newest supports the @ipMatch, @ipMatchF and @ipMatchFromFile operator along with the its negative (e.g. !@ipMatch) these were used to create suspicious or whitelist. When a suspicious list is informed, just the IPs that belongs to the list will be filtered. A combination of suspicious and whitelist is possible by using multiple definitions of SecConnReadStateLimit, note, however, that the limit will be always overwrite by its successor.
This measure is effective against Slowloris-style attacks from a single IP address, but it may not be as good against modified attacks that work by slowly sending request body content. This is because Apache to switches state to SERVER_BUSY_WRITE once request headers have been read. As an alternative, consider mod_reqtimeout (part of Apache as of 2.2.15), which is expected be effective against both attack types. See Blog post on mitigating slow DoS attacks - http://blog.spiderlabs.com/2010/11/advanced-topic-of-the-week-mitigating-slow-http-dos-attacks.html. v2.8.0 and newest supports the @ipMatch, @ipMatchF and @ipMatchFromFile operator along with the its negative (e.g. !@ipMatch) these were used to create suspicious or whitelist. When a suspicious list is informed, just the IPs that belongs to the list will be filtered. A combination of suspicious and whitelist is possible by using multiple definitions of SecConnReadStateLimit, note, however, that the limit will be always overwrite by its successor.
== SecSensorId ==
'''Description:''' Define a sensor ID that will be present into log part H.
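Review bot: The last sentence of the changed paragraph, "the limit will be always overwrite by its successor", does not say whether a later SecConnReadStateLimit replaces only the numeric limit or also the IP list given by the earlier one, which is exactly what an administrator combining a suspicious list with a whitelist needs to know. Suggest stating the precedence explicitly and adding a Syntax or Example line, because the paragraph names @ipMatch, @ipMatchF and @ipMatchFromFile without showing how they attach to the directive. The same line still carries "Apache to switches state", "expected be effective" and "the its negative", which could be fixed in this edit.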
@@ -1042,11 +1042,11 @@ This measure is effective against Slowloris-style attacks from a single IP addre
'''Scope''': Main
'''Version''': 2.6.0, DEPRECATED as of v2.7.6.
'''Version''': 2.6.0, DEPRECATED as of v2.8.0.
'''Default:''' 0 (no limit)
For v2.7.6 or newest refer to SecConnWriteStateLimit.
For v2.8.0 or newest refer to SecConnWriteStateLimit.
== SecConnWriteStateLimit ==
'''Description:''' Establishes a per-IP address limit of how many connections are allowed to be in SERVER_BUSY_WRITE state.
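Review bot: The Version line "2.6.0, DEPRECATED as of v2.8.0." mixes a bare version number with a v-prefixed one, and the SecConnReadStateLimit entry earlier in this diff uses "v2.8.0" where the first hunk uses "2.8.0". Pick one form for the whole manual so the version fields can be searched consistently. "For v2.8.0 or newest" has the same "newest" for "newer" slip as the read-state entry.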
@@ -1061,7 +1061,7 @@ For v2.7.6 or newest refer to SecConnWriteStateLimit.
'''Default:''' 0 (no limit)
This measure is effective against Slow DoS request body attacks. v2.7.6 and newest supports the @ipMatch, @ipMatchF and @ipMatchFromFile operator along with the its negative (e.g. !@ipMatch) these were used to create suspicious or whitelist. When a suspicious list is informed, just the IPs that belongs to the list will be filtered. A combination of suspicious and whitelist is possible by using multiple definitions of SecConnReadStateLimit, note, however, that the limit will be always overwrite by its successor.
This measure is effective against Slow DoS request body attacks. v2.8.0 and newest supports the @ipMatch, @ipMatchF and @ipMatchFromFile operator along with the its negative (e.g. !@ipMatch) these were used to create suspicious or whitelist. When a suspicious list is informed, just the IPs that belongs to the list will be filtered. A combination of suspicious and whitelist is possible by using multiple definitions of SecConnReadStateLimit, note, however, that the limit will be always overwrite by its successor.
== SecRequestBodyAccess ==
'''Description''': Configures whether request bodies will be buffered and processed by ModSecurity.
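Review bot: The changed SecConnWriteStateLimit paragraph ends with "by using multiple definitions of SecConnReadStateLimit", which looks copied from the read-state entry; in this section it should name SecConnWriteStateLimit, otherwise readers will configure the wrong directive when building a suspicious list or whitelist for slow request body traffic. The phrases "the its negative" and "will be always overwrite by its successor" were carried over as well and could be corrected in the same edit.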