From 2dc4835337e22cf43f77dd4a478ca7a50853e5ea Mon Sep 17 00:00:00 2001 From: Felipe Zimmerle Date: Mon, 16 Dec 2013 07:37:07 -0800 Subject: [PATCH] Updated Reference Manual (mediawiki) --- Reference-Manual.mediawiki | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/Reference-Manual.mediawiki b/Reference-Manual.mediawiki index b2a107f..b0b5837 100644 --- a/Reference-Manual.mediawiki +++ b/Reference-Manual.mediawiki @@ -582,7 +582,7 @@ This directive should be used to make the presence of significant rule sets know '''Scope:''' Any -'''Version:''' 2.7.6 +'''Version:''' 2.8.0 Analog to SecRuleEngine, the possible values are: *'''On''': process rules, quietly. @@ -1001,11 +1001,11 @@ The only reason you would want to change the name of the token is if you wanted '''Scope''': Main -'''Version''': 2.5.13, DEPRECATED as of v2.7.6. +'''Version''': 2.5.13, DEPRECATED as of v2.8.0. '''Default:''' 0 (no limit) -For v2.7.6 or newest refer to SecConnReadStateLimit. +For v2.8.0 or newest refer to SecConnReadStateLimit. == SecConnReadStateLimit == '''Description:''' Establishes a per-IP address limit of how many connections are allowed to be in SERVER_BUSY_READ state. 
@@ -1016,11 +1016,11 @@ For v2.7.6 or newest refer to SecConnReadStateLimit. '''Scope''': Main -'''Version''': v2.7.6 +'''Version''': v2.8.0 '''Default:''' 0 (no limit) -This measure is effective against Slowloris-style attacks from a single IP address, but it may not be as good against modified attacks that work by slowly sending request body content. This is because Apache to switches state to SERVER_BUSY_WRITE once request headers have been read. As an alternative, consider mod_reqtimeout (part of Apache as of 2.2.15), which is expected be effective against both attack types. See Blog post on mitigating slow DoS attacks - http://blog.spiderlabs.com/2010/11/advanced-topic-of-the-week-mitigating-slow-http-dos-attacks.html. v2.7.6 and newest supports the @ipMatch, @ipMatchF and @ipMatchFromFile operator along with the its negative (e.g. !@ipMatch) these were used to create suspicious or whitelist. When a suspicious list is informed, just the IPs that belongs to the list will be filtered. A combination of suspicious and whitelist is possible by using multiple definitions of SecConnReadStateLimit, note, however, that the limit will be always overwrite by its successor. +This measure is effective against Slowloris-style attacks from a single IP address, but it may not be as good against modified attacks that work by slowly sending request body content. This is because Apache to switches state to SERVER_BUSY_WRITE once request headers have been read. As an alternative, consider mod_reqtimeout (part of Apache as of 2.2.15), which is expected be effective against both attack types. See Blog post on mitigating slow DoS attacks - http://blog.spiderlabs.com/2010/11/advanced-topic-of-the-week-mitigating-slow-http-dos-attacks.html. v2.8.0 and newest supports the @ipMatch, @ipMatchF and @ipMatchFromFile operator along with the its negative (e.g. !@ipMatch) these were used to create suspicious or whitelist. 
When a suspicious list is informed, just the IPs that belongs to the list will be filtered. A combination of suspicious and whitelist is possible by using multiple definitions of SecConnReadStateLimit, note, however, that the limit will be always overwrite by its successor. == SecSensorId == '''Description:''' Define a sensor ID that will be present into log part H. @@ -1042,11 +1042,11 @@ This measure is effective against Slowloris-style attacks from a single IP addre '''Scope''': Main -'''Version''': 2.6.0, DEPRECATED as of v2.7.6. +'''Version''': 2.6.0, DEPRECATED as of v2.8.0. '''Default:''' 0 (no limit) -For v2.7.6 or newest refer to SecConnWriteStateLimit. +For v2.8.0 or newest refer to SecConnWriteStateLimit. == SecConnWriteStateLimit == '''Description:''' Establishes a per-IP address limit of how many connections are allowed to be in SERVER_BUSY_WRITE state. 
@@ -1061,7 +1061,7 @@ For v2.7.6 or newest refer to SecConnWriteStateLimit. '''Default:''' 0 (no limit) -This measure is effective against Slow DoS request body attacks. v2.7.6 and newest supports the @ipMatch, @ipMatchF and @ipMatchFromFile operator along with the its negative (e.g. !@ipMatch) these were used to create suspicious or whitelist. When a suspicious list is informed, just the IPs that belongs to the list will be filtered. A combination of suspicious and whitelist is possible by using multiple definitions of SecConnReadStateLimit, note, however, that the limit will be always overwrite by its successor. +This measure is effective against Slow DoS request body attacks. v2.8.0 and newest supports the @ipMatch, @ipMatchF and @ipMatchFromFile operator along with the its negative (e.g. !@ipMatch) these were used to create suspicious or whitelist. When a suspicious list is informed, just the IPs that belongs to the list will be filtered. A combination of suspicious and whitelist is possible by using multiple definitions of SecConnReadStateLimit, note, however, that the limit will be always overwrite by its successor. == SecRequestBodyAccess == '''Description''': Configures whether request bodies will be buffered and processed by ModSecurity.
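
Review bot: In the @@ -1001,11 hunk, the added line "For v2.8.0 or newest refer to SecConnReadStateLimit." keeps the wording "or newest", which should read "or newer" (or "and later"), and the Version line mixes a bare "2.5.13" with a prefixed "v2.8.0". The same two points apply to the @@ -1042,11 hunk ("2.6.0, DEPRECATED as of v2.8.0." and "For v2.8.0 or newest refer to SecConnWriteStateLimit."), and the @@ -582,7 hunk writes the version as plain "2.8.0" with the colon inside the bold markup. Pick one form for the version number and the '''Version''' label and use it in all of the touched lines.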
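
Review bot: The paragraph re-added in the @@ -1016,11 hunk (SecConnReadStateLimit) still carries its grammar errors and leaves the precedence rule unclear. Since the line is being rewritten anyway, fix "Apache to switches state", "is expected be effective", "along with the its negative", "these were used to create suspicious or whitelist" and "will be always overwrite by its successor". The last sentence should say plainly which definition takes effect when several SecConnReadStateLimit directives are present, because that decides whether a suspicious list combined with a whitelist behaves as the reader expects. A short example of the directive with an @ipMatch argument would also help, as the text describes the operators without showing how they are attached to the limit.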
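
Review bot: The paragraph added in the @@ -1061,7 hunk sits under SecConnWriteStateLimit but still says "by using multiple definitions of SecConnReadStateLimit"; that looks like a copy from the read-state section and should name SecConnWriteStateLimit. Also, the patch updates the Version line of SecConnReadStateLimit in the @@ -1016,11 hunk but no hunk touches a Version line for SecConnWriteStateLimit, so please confirm that section does not still refer to 2.7.6. The grammar in this paragraph ("along with the its negative", "will be always overwrite by its successor") needs the same cleanup as the read-state one.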