FYI: I see CRS 2.1.1 is now available and it is less than six hours old.
Here is the relevant portion of the change log:

--------------------------
OWASP ModSecurity Core Rule Set (CRS) JIRA CHANGELOG
--------------------------
https://www.modsecurity.org/tracker/browse/CORERULES

--------------------------
Version 2.1.1 - 12/30/2010
--------------------------

Bug Fixes:
- Updated the 10 config conf file to add in pass action to User-Agent rule
- Updated the CSRF ruleset to conditionally do content injection - if the
  csrf token was created by the session hijacking conf file
- Updated the session hijacking conf file to only enforce rules if a SessionID
  Cookie was submitted
- Fixed macro expansion setvar bug in the restricted file extension rule
- Moved the comment spam data file into the optional_rules directory


Mark Lavi
Senior Web Producer

sgi

46600 Landing Parkway
Fremont, CA 94538
(510) 933-5234 direct
[email protected] 
www.sgi.com


-----Original Message-----
From: [email protected] [mailto:[email protected]] On Behalf Of Ryan Barnett
Sent: Wednesday, December 29, 2010 1:09 PM
To: [email protected]; [email protected]
Subject: Re: [Owasp-modsecurity-core-rule-set] Seasons Greetings! Announcing Release of OWASP ModSecurity CRS v2.1.0

FYI - I just fixed a typo in the
optional_rules/modsecurity_crs_16_session_hijacking.conf file.  I
updated the archives.  Please re-download.

Cheers,
Ryan



From: Ryan Barnett <[email protected]>
Date: Wed, 29 Dec 2010 13:58:15 -0600
To: "[email protected]" <[email protected]>, "[email protected]" <[email protected]>
Subject: Seasons Greetings! Announcing Release of OWASP ModSecurity CRS v2.1.0

Greetings everyone,
I am pleased to announce the release of the OWASP ModSecurity Core Rule
Set (CRS) v2.1.0.  This is a significant update as we have added many
new capabilities.

CHANGE LOG -
--------------------------
Version 2.1.0 - 12/29/2010
--------------------------

Improvements:
- Added Experimental Lua Converter script to normalize payloads. Based on
  PHPIDS Converter code and it is used with the advanced filters conf file.
- Changed the name of PHPIDS converted rules to Advanced Filters
- Added Ignore Static Content (Performance enhancement) rule set
- Added XML Enabler (Web Services) rule set which will parse XML data
- Added Authorized Vulnerability Scanning (AVS) Whitelist rule set
- Added Denial of Service (DoS) Protection rule set
- Added Slow HTTP DoS (Connection Consumption) Protection rule set
- Added Brute Force Attack Protection rule set
- Added Session Hijacking Detection rule set
- Added Username Tracking rule set
- Added Authentication Tracking rule set
- Added Anti-Virus Scanning of File Attachments rule set
- Added AV Scanning program to /util directory
- Added Credit Card Usage Tracking/Leakage Prevention rule set
- Added experimental CC Track/PAN Leakage Prevention rule set
- Added an experimental_rules directory to hold new BETA rules
- Moved the local exceptions conf file back into base_rules directory however
  it has a ".example" extension to prevent overwriting customized versions
  when upgrading
- Separated out HTTP Parameter Pollution and Restricted Character Anomaly Detection rules to
  the experimental_rules directory
- Adding the REQUEST_HEADERS:User-Agent macro data to the initcol in 10 config file, which will
  help to make collections a bit more unique


--------------------------
DOWNLOADING
--------------------------
Manual Downloading:
You can always download the latest CRS version here -
https://sourceforge.net/projects/mod-security/files/modsecurity-crs/0-CURRENT/

Automated Downloading:
Use the rules-updater.pl script in the CRS /util directory

# Get a list of what the repository contains:
$ ./rules-updater.pl -rhttp://www.modsecurity.org/autoupdate/repository/ -l

Repository: http://www.modsecurity.org/autoupdate/repository

modsecurity-crs {
          2.0.0: modsecurity-crs_2.0.0.zip
          2.0.1: modsecurity-crs_2.0.1.zip
          2.0.2: modsecurity-crs_2.0.2.zip
          2.0.3: modsecurity-crs_2.0.3.zip
          2.0.4: modsecurity-crs_2.0.4.zip
          2.0.5: modsecurity-crs_2.0.5.zip
          2.0.6: modsecurity-crs_2.0.6.zip
          2.0.7: modsecurity-crs_2.0.7.zip
          2.0.8: modsecurity-crs_2.0.8.zip
          2.0.9: modsecurity-crs_2.0.9.zip
          2.0.9: modsecurity-crs_2.0.10.zip
          2.1.0: modsecurity-crs_2.1.0.zip }

# Get the latest stable version of "modsecurity-crs":
$ ./rules-updater.pl -rhttp://www.modsecurity.org/autoupdate/repository/ -prules -Smodsecurity-crs
Fetching: modsecurity-crs/modsecurity-crs_2.1.0.zip ...
$ ls -R rules
modsecurity-crs

rules/modsecurity-crs:
modsecurity-crs_2.1.0.zip    modsecurity-crs_2.1.0.zip.sig

--
Ryan Barnett
Senior Security Researcher
Trustwave - SpiderLabs
ModSecurity Community Manager
OWASP ModSecurity CRS Project Leader

_______________________________________________
Owasp-modsecurity-core-rule-set mailing list
[email protected]
https://lists.owasp.org/mailman/listinfo/owasp-modsecurity-core-rule-set