This is Saas Qa's TypePad Profile.
Join TypePad and start following Saas Qa's activity
Saas Qa
Recent Activity
hi
tried the mod security ruleset on apache 2.2 using mod_security 2.5 and am seeing these errors in the error_log. as for the killer script, it still is able to load apache very heavily. so basically, i am seeing no effect with this ruleset..
[Thu Sep 01 15:21:58 2011] [error] [client 10.11.14.22] ModSecurity: Warning. Pattern match "^(.*),$" at TX:0. [file "/etc/httpd/conf.d/00_mod_security.conf"]
[line "9"] [msg "Truncating Large Range Header Field."] [hostname "postfix"] [uri "/"] [unique_id "rErE7woLDhYAAE-sJJUAAAAE"]
[Thu Sep 01 15:21:58 2011] [error] [client 10.11.14.22] ModSecurity: Warning. Pattern match "^(.*),$" at TX:0. [file "/etc/httpd/conf.d/00_mod_security.conf"]
[line "9"] [msg "Truncating Large Range Header Field."] [hostname "postfix"] [uri "/"] [unique_id "rErOswoLDhYAAFG3KsUAAAAI"]
[Thu Sep 01 15:21:58 2011] [error] [client 10.11.14.22] ModSecurity: Warning. Pattern match "^(.*),$" at TX:0. [file "/etc/httpd/conf.d/00_mod_security.conf"]
[line "9"] [msg "Truncating Large Range Header Field."] [hostname "postfix"] [uri "/"] [unique_id "rEq2nQoLDhYAAE-qI8EAAAAC"]
[Thu Sep 01 15:21:58 2011] [error] [client 10.11.14.22] ModSecurity: Warning. Pattern match "^(.*),$" at TX:0. [file "/etc/httpd/conf.d/00_mod_security.conf"]
[line "9"] [msg "Truncating Large Range Header Field."] [hostname "postfix"] [uri "/"] [unique_id "rErnzgoLDhYAAFKzN-sAAAAK"]
Commented Sep 1, 2011 on (Updated) Mitigation of Apache Range Header DoS Attack at SpiderLabs Anterior
(Updated) Mitigation of Apache Range Header DoS Attack
Update After deeper research into the underlying vulnerability and analyzing customer traffic, SpiderLabs has developed a new BETA ModSecurity ruleset to mitigate the Apache Range Header DoS vulnerability. The following rules may be used to truncate the Range header fields to five: SecRule REQU...
Saas Qa is now following The Typepad Team
Sep 1, 2011
Subscribe to Saas Qa’s Recent Activity
