The new Core Rule Set 3.0 (CRS3) release simplifies ModSecurity/Drupal integration tremendously. Here is a guide aimed at the Drupal community to learn how to work with ModSecurity. This guide and the rule file it is based on currently covers Drupal Core. Modules / Plugins are not yet supported. But count on the Drupal community […]
In this article, we’ll look at various Ansible modules that can be used to fetch information from Cisco IOS devices: ios_facts, snmp_facts and ios_command. Regardless of the used module, we’ll store the output in a JSON file that can easily be used in other tools. ios_facts ios_facts is the obvious choice. It connects to the […]
Today, we are releasing the next tutorial in our Apache / ModSecurity series: Extending and Analyzing the Access Log “What’s the big deal?” I hear you say. I admit, it may sound a bit boring, but log files are primordial. Configuring the right logfile makes the difference between ignorance and insight into you server. There […]
The release of the OWASP ModSecurity Core Rule Set 3.0 is drawing closer and closer. This made me think about a way to introduce new users to ModSecurity and the Core Rules. Despite online documentation and blog posts and google and stack overflow and what not: There is no one stop place to learn it […]
There is a spare time activity which I enjoy in off hours. I go to reddit or twitter or some other site where web attack ideas are traded. I look for new exploits or evasions and try and run them against a local webserver to see if the OWASP ModSecurity Core Rules would block the […]
