[Modsecurity] Modsecurity rules update for 20061013
mirror at prometheus-group.com
mirror at prometheus-group.com
Fri Oct 13 23:20:42 EDT 2006
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
New Release of GotRoot Web Signatures
Diff of /etc/modsecurity/apache2-rules.conf
Diff of /etc/modsecurity/blacklist.conf
Diff of /etc/modsecurity/proxy.conf
Diff of /etc/modsecurity/rules.conf
7c7
< # Version: N-20061013-02
- ---
> # Version: N-20061010-02
174c174
< #Generic PHP remote file inclusion attack signature with command
- ---
> #Generic PHP remote file inclusion attack signature
181,186c181,183
< SecFilterSelective REQUEST_URI "!(/tiki-objectpermissions|aardvarkts/install/index|/do_command|banner_click|wp-login|tiki-view_cache|/horde/index|/horde/services/go|/goto|gallery2?/main|ad-?server/adjs)" "chain,id:300018,rev:3,severity:2,msg:'Generic PHP code injection protection via ARGS'"
< SecFilterSelective REQUEST_URI "\.php(3|4|5)?(\?|&)" chain
< SecFilterSelective ARGS "(ht|f)tps?:/"
< SecFilterSelective REQUEST_URI "!(/tiki-objectpermissions|aardvarkts/install/index|/do_command|banner_click|wp-login|tiki-view_cache|/horde/index|/horde/services/go|/goto|gallery2?/main|ad-?server/adjs)" "chain,id:300040,rev:1,severity:2,msg:'Generic PHP code injection protection in URI'"
< SecFilterSelective REQUEST_URI "\.php(3|4|5)?(\?|&).*=(ht|f)tps?:/"
<
- ---
> #MTS
> SecFilterSelective REQUEST_URI "!(/tiki-objectpermissions|aardvarkts/install/index|/do_command|banner_click|wp-login|tiki-view_cache|/horde/index|/horde/services/go|/goto|gallery2?/main|ad-?server/adjs)" "chain,id:300018,rev:2,severity:2,msg:'Generic PHP code injection protection'"
> SecFilterSelective REQUEST_URI "\.php(3|4|5)?(\?|&).*=(ht|f)tps?:/.*(\?|&)"
Diff of /etc/modsecurity/blacklist2.conf
124c124
< #SecFilterSelective THE_REQUEST "home\.arcor\.de"
- ---
> SecFilterSelective THE_REQUEST "home\.arcor\.de"
Diff of /etc/modsecurity/exclude.conf
Diff of /etc/modsecurity/rootkits.conf
Diff of /etc/modsecurity/useragents.conf
Diff of /etc/modsecurity/exclude.conf
Diff of /etc/modsecurity/badips.conf
Diff of /etc/modsecurity/recons.conf
Diff of /etc/modsecurity/jitp.conf
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)
iQIVAwUBRTBXirVvl2Kn6BhaAQLMlQ/9GOFgzJqg2UPzJp/b1E3zrvwVjPUaLORA
yHyuZUJywIxGtd6h1iaI2UnoLhhBFsURKY3NQKV9DJFZT5uN01FshssAOV/3SP1P
DxiTc3jor+MdaRzAReoRcGbnXPZnax4cqHMDcaT4fqxglvheeYosrh/XXcleAOH5
iwVjTPir6/dILZ2lRwWI+DIuRY6Blwiy8NGKanwXc1NDcon4LGsSHH49dQBqWi3c
cOxpPeojvDbTVDyXK63c6ojoe0qBUuZuVRYwjydTrV7gqysB5omxXPrjb5wwJ3JV
5Z1vMC5M1x2x4rPAxN5WdChoaGVTBhX96BNKh9kfQJDYNZ1QGqNgN/8RJSsfWrkH
y7AWiQgjEgEdXYS2m91i7FEHreQPvKiHxfiBeMe65fm9NI/zQKsGTxt6gXFGDDjK
U+I5ZNREDlhUpIgjfwTHNvfI4n76EqnJXDUoDtTSTYnH2Ks4/Kvd5HQV5siZuqzI
sq/9m0VBvA/Mwuvxpsu5qxkRKHmHQLMZE6BkFtQDmgAKWZG3kLrhnOLXFoU6tVei
iYRmdDWf3UT5/sgDoyC3+X7DHB84PycNBqZ/gRmLPsR26H4VGBZdGvt4WgS1Iabo
Gp+4OVvoXtcdIcFL18B7tCdul58EQ6wnBhxnknPVxDixO47tYGbALY022MXrB1lz
7g/g709z8RA=
=DnPJ
-----END PGP SIGNATURE-----
More information about the Modsecurity
mailing list