Subject: Re: how to prevent directory traversal with modsecurity2



You could use a rule similar to this –

SecRule REQUEST_URI "\.\." "phase:1,log,deny,msg:'Directory Traversal Attack Detected'"

The only issue to be aware of is to make sure you verify exactly which transformation functions may be inherited with this rule. If it applies the normalisePath function (http://www.modsecurity.org/documentation/modsecurity-apache/2.1.0/modsecurity2-apache-reference.html#N10E9C) it will not match as it will remove the .. characters. It is for these types of reasons that you should always turn up the debug log level and review your new rule processing with some tests.

--
Ryan C. Barnett
ModSecurity Community Manager

Breach Security: Director of Application Security Training
Web Application Security Consortium (WASC) Member
CIS Apache Benchmark Project Lead
SANS Instructor, GCIA, GCFA, GCIH, GSNA, GCUX, GSEC

Author: Preventing Web Attacks with Apache
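
The inheritance issue described in the reply above, shown as a configuration sketch. This is an added example, not part of the original thread; the SecDefaultAction line, the debug log path, the rule ids and the first rule's msg text are constructed assumptions.

```apache
# Constructed example configuration (not from the original thread).
SecRuleEngine On

# Turn the debug log up while testing a new rule, then review how each
# rule's transformations and operator were applied to your test requests.
# The log path is a placeholder.
SecDebugLog /var/log/apache2/modsec_debug.log
SecDebugLogLevel 9

# Assumed site-wide default: every following rule that does not override
# its transformations inherits t:normalisePath.
SecDefaultAction "phase:1,log,deny,status:403,t:normalisePath"

# Inherits t:normalisePath. As the reply notes, the ".." sequences are
# removed before the pattern is evaluated, so this rule does not match.
SecRule REQUEST_URI "\.\." \
    "phase:1,id:1001,log,deny,msg:'Directory Traversal (inherited transformations)'"

# t:none clears the inherited transformation list, so the pattern is
# evaluated against the request URI as it was received.
SecRule REQUEST_URI "\.\." \
    "phase:1,id:1002,t:none,log,deny,msg:'Directory Traversal Attack Detected'"
```

With the debug log at this level, a test request containing ".." should show rule 1002 matching and rule 1001 evaluating an already-normalised value.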

 

 

From: [email protected] [mailto:[email protected]] On Behalf Of Yavuz Maslak
Sent: Wednesday, June 27, 2007 5:27 AM
To: [email protected]
Subject: [mod-security-users] how to prevent directory traversal with modsecurity2

Hello,

I am a novice at modsecurity.

I installed mod_security2 on apache2.0.59.

I couldn't find how to prevent directory traversal with modsecurity2.

I know how to do that with modsecurity1, but I couldn't find it for modsecurity2.

How can I get useful examples about that?

Thanks a lot.
