Index index by Group index by Distribution index by Vendor index by creation date index by Name Mirrors Help Search

owasp-modsecurity-crs-2.2.9-3.3 RPM for noarch

From OpenSuSE Ports Tumbleweed for noarch

Name: owasp-modsecurity-crs Distribution: openSUSE:Factory:zSystems
Version: 2.2.9 Vendor: obs://build.opensuse.org/openSUSE:Factory:zSystems
Release: 3.3 Build date: Sun Jun 6 19:03:33 2021
Group: Productivity/Networking/Security Build host: s390zp22
Size: 400013 Source RPM: owasp-modsecurity-crs-2.2.9-3.3.src.rpm
Url: https://www.owasp.org/index.php/Category:OWASP_ModSecurity_Core_Rule_Set_Project
Summary: OWASP ModSecurity Common Rule Set (CRS)
ModSecurity™ is a web application firewall engine that provides very little protection on its own. In order to become useful, ModSecurity™ must be configured with rules. In order to enable users to take full advantage of ModSecurity™ out of the box, Trustwave's SpiderLabs is providing a free certified rule set for ModSecurity™ 2.x. Unlike intrusion detection and prevention systems, which rely on signatures specific to known vulnerabilities, the Core Rules provide generic protection from unknown vulnerabilities often found in web applications, which are in most cases custom coded. The Core Rules are heavily commented to allow it to be used as a step-by-step deployment guide for ModSecurity™.

Core Rules Content

In order to provide generic web applications protection, the Core Rules use the following techniques:

HTTP Protection - detecting violations of the HTTP protocol and a locally defined usage policy.
Real-time Blacklist Lookups - utilizes 3rd Party IP Reputation
Web-based Malware Detection - identifies malicious web content by check against the Google Safe Browsing API.
HTTP Denial of Service Protections - defense against HTTP Flooding and Slow HTTP DoS Attacks.
Common Web Attacks Protection - detecting common web application security attack.
Automation Detection - Detecting bots, crawlers, scanners and other surface malicious activity.
Integration with AV Scanning for File Uploads - detects malicious files uploaded through the web application.
Tracking Sensitive Data - Tracks Credit Card usage and blocks leakages.
Trojan Protection - Detecting access to Trojans horses.
Identification of Application Defects - alerts on application misconfigurations.
Error Detection and Hiding - Disguising error messages sent by the server.

Provides

Requires

License

Apache-2.0

Changelog

* Tue Dec 01 2020 pgajdos@suse.com
  - use system apache rpm macros
* Mon Jul 24 2017 bwiedemann@suse.com
  - sort conf file entries to fix build-compare (boo#1041090)
* Sun Mar 08 2015 p.drouand@gmail.com
  - Update to version 2.2.9
    * Updated the /util directory structure
    * fix 950901 - word boundary added
    * modsecurity_35_bad_robots.data - gecko/25 blocks Firefox Android
    https://github.com/SpiderLabs/owasp-modsecurity-crs/issues/157
  - Fix SuSE > SUSE spelling
  - Use download Url as source
  - Do not explicitely depend on apache2; apache2-mod_security2
    depends on it
  - Remove redundant %clean section
  - Do not copy INSTALL file into the package
  - ChangeLog has been replaced with CHANGES in upstream
* Wed Sep 19 2012 Thomas.Worm@DATEV.de
  - Raised version to 2.2.6.
    * Resolves bnc#779076
    * Resolves CORERULES-87
* Thu Sep 06 2012 Thomas.Worm@DATEV.de
  - Package modification for factory submission:
    * Changed services to localonly mode
    * Added copyright information to spec file
* Thu Sep 06 2012 Thomas.Worm@DATEV.de
  - Added README.SuSE
* Thu Aug 30 2012 Thomas.Worm@DATEV.de
  - Initial package version 2.2.5

Files

/etc/apache2/conf.d/owasp-modsecurity-crs.conf
/etc/owasp-modsecurity-crs
/etc/owasp-modsecurity-crs/modsecurity_crs_10_setup.conf
/etc/owasp-modsecurity-crs/rules.d
/usr/share/doc/packages/owasp-modsecurity-crs
/usr/share/doc/packages/owasp-modsecurity-crs/CHANGES
/usr/share/doc/packages/owasp-modsecurity-crs/LICENSE
/usr/share/doc/packages/owasp-modsecurity-crs/README.SUSE
/usr/share/doc/packages/owasp-modsecurity-crs/README.md
/usr/share/owasp-modsecurity-crs
/usr/share/owasp-modsecurity-crs/lua
/usr/share/owasp-modsecurity-crs/lua/advanced_filter_converter.lua
/usr/share/owasp-modsecurity-crs/lua/appsensor_request_exception_enforce.lua
/usr/share/owasp-modsecurity-crs/lua/appsensor_request_exception_profile.lua
/usr/share/owasp-modsecurity-crs/lua/arachni_integration.lua
/usr/share/owasp-modsecurity-crs/lua/bayes_check_spam.lua
/usr/share/owasp-modsecurity-crs/lua/bayes_train_ham.lua
/usr/share/owasp-modsecurity-crs/lua/bayes_train_spam.lua
/usr/share/owasp-modsecurity-crs/lua/gather_ip_data.lua
/usr/share/owasp-modsecurity-crs/lua/osvdb.lua
/usr/share/owasp-modsecurity-crs/lua/profile_page_scripts.lua
/usr/share/owasp-modsecurity-crs/modsecurity_crs_10_setup.conf.example
/usr/share/owasp-modsecurity-crs/util
/usr/share/owasp-modsecurity-crs/util/README
/usr/share/owasp-modsecurity-crs/util/av-scanning
/usr/share/owasp-modsecurity-crs/util/av-scanning/runAV
/usr/share/owasp-modsecurity-crs/util/av-scanning/runAV/common.c
/usr/share/owasp-modsecurity-crs/util/av-scanning/runAV/common.h
/usr/share/owasp-modsecurity-crs/util/av-scanning/runAV/comp
/usr/share/owasp-modsecurity-crs/util/av-scanning/runAV/runAV-clamd.c
/usr/share/owasp-modsecurity-crs/util/av-scanning/runAV/runAV.c
/usr/share/owasp-modsecurity-crs/util/av-scanning/runav.pl
/usr/share/owasp-modsecurity-crs/util/browser-tools
/usr/share/owasp-modsecurity-crs/util/browser-tools/js-overrides.js
/usr/share/owasp-modsecurity-crs/util/honeypot-sensor
/usr/share/owasp-modsecurity-crs/util/honeypot-sensor/README.md
/usr/share/owasp-modsecurity-crs/util/honeypot-sensor/mlogc-honeypot-sensor.conf
/usr/share/owasp-modsecurity-crs/util/honeypot-sensor/modsecurity_crs_10_honeypot.conf
/usr/share/owasp-modsecurity-crs/util/regression-tests
/usr/share/owasp-modsecurity-crs/util/regression-tests/INSTALL
/usr/share/owasp-modsecurity-crs/util/regression-tests/README
/usr/share/owasp-modsecurity-crs/util/regression-tests/modsecurity_crs_59_header_tagging.conf
/usr/share/owasp-modsecurity-crs/util/regression-tests/rulestest.conf
/usr/share/owasp-modsecurity-crs/util/regression-tests/rulestest.pl
/usr/share/owasp-modsecurity-crs/util/regression-tests/tests
/usr/share/owasp-modsecurity-crs/util/regression-tests/tests/modsecurity_crs_20_protocol_violations.tests
/usr/share/owasp-modsecurity-crs/util/regression-tests/tests/modsecurity_crs_21_protocol_anomalies.tests
/usr/share/owasp-modsecurity-crs/util/regression-tests/tests/modsecurity_crs_23_request_limits.tests
/usr/share/owasp-modsecurity-crs/util/regression-tests/tests/modsecurity_crs_30_http_policy.tests
/usr/share/owasp-modsecurity-crs/util/regression-tests/tests/modsecurity_crs_35_bad_robots.tests
/usr/share/owasp-modsecurity-crs/util/regression-tests/tests/modsecurity_crs_40_generic_attacks.tests
/usr/share/owasp-modsecurity-crs/util/regression-tests/tests/modsecurity_crs_41_sql_injection_attacks.tests
/usr/share/owasp-modsecurity-crs/util/regression-tests/tests/modsecurity_crs_41_xss_attacks.tests
/usr/share/owasp-modsecurity-crs/util/regression-tests/tests/modsecurity_crs_50_outbound.tests
/usr/share/owasp-modsecurity-crs/util/regression-tests/tests/ruby.tests
/usr/share/owasp-modsecurity-crs/util/regression-tests/testserver.cgi
/usr/share/owasp-modsecurity-crs/util/rule-management
/usr/share/owasp-modsecurity-crs/util/rule-management/id-range
/usr/share/owasp-modsecurity-crs/util/rule-management/remove-2.7-actions.pl
/usr/share/owasp-modsecurity-crs/util/rule-management/verify.rb
/usr/share/owasp-modsecurity-crs/util/virtual-patching
/usr/share/owasp-modsecurity-crs/util/virtual-patching/arachni2modsec.pl
/usr/share/owasp-modsecurity-crs/util/virtual-patching/zap2modsec.pl


Generated by rpm2html 1.8.1

Fabrice Bellet, Wed Nov 24 23:56:42 2021