From: Klaubert Herr da Silveira <[email protected]>
Date: Mon, 24 Jan 2011 07:48:58 -0600
To: "[email protected]"
<[email protected]>
Subject: [Owasp-modsecurity-core-rule-set] 960032 vs. 960010
>Hi,
>
>Just for my clarification, on "core ruleset/2.1.1", I saw that 960032 is
>using "tx.allowed_methods", configured from
>modsecurity_crs_10_config.conf.
>
>REQUEST_METHOD "!@within %{tx.allowed_methods}" ...
>
>But 960010 is not:
>REQUEST_METHOD "!^(?:GET|HEAD|PROPFIND|OPTIONS)$"
>
>Shouldn't 960010 use "tx.allowed_methods" too?
It probably could; however, these two rules are looking for different issues.
- 960032 is looking only at the allowed Request Methods as defined by the Admin.
- 960010 is looking, instead, at the allowed Content-Types. The reason that the Request Method check is there is to weed out false positives, as we don't even want to look at the Content-Type header if the request is using one of these Request Methods. This check was added due to strange mobile device requests.
-Ryan
_______________________________________________
Owasp-modsecurity-core-rule-set mailing list
[email protected]
https://lists.owasp.org/mailman/listinfo/owasp-modsecurity-core-rule-set
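The distinction Ryan draws (960032 tests the method against the admin's tx.allowed_methods; 960010 uses a fixed method regex only as a chain pre-filter before it inspects Content-Type) can be seen in a small model of the two rules. This is an added illustration, not CRS code: the tx.* values, the `allowed_request_content_type` variable name and the sample requests are constructed for the example, and the chain is simplified to one Content-Type lookup.

```python
import re

# Stand-ins for the tx.* variables set in modsecurity_crs_10_config.conf.
# Both lists are constructed for this example, not copied from the CRS.
TX = {
    "allowed_methods": "GET HEAD POST OPTIONS",
    "allowed_request_content_type": (
        "application/x-www-form-urlencoded multipart/form-data text/xml application/xml"
    ),
}

def within(needle, haystack):
    """ModSecurity's @within: true if needle occurs anywhere inside haystack.
    It is a plain substring test, which is why CRS keeps full, space-separated tokens."""
    return needle in haystack

def rule_960032(req):
    """REQUEST_METHOD "!@within %{tx.allowed_methods}": flags methods the admin did not allow."""
    return not within(req["method"], TX["allowed_methods"])

# First link of the 960010 chain: methods that carry no body are skipped outright,
# so their Content-Type header is never examined (the false-positive filter Ryan describes).
METHOD_PREFILTER = re.compile(r"^(?:GET|HEAD|PROPFIND|OPTIONS)$")

def rule_960010(req):
    """Simplified 960010 chain: method pre-filter, then Content-Type against the allowed list."""
    if METHOD_PREFILTER.match(req["method"]):
        return False  # chain stops at the first rule; Content-Type is not looked at
    ctype = req["headers"].get("Content-Type")
    if ctype is None:
        return False  # no header present: nothing to check in this simplified model
    media_type = ctype.split(";", 1)[0].strip().lower()  # drop parameters such as charset
    return not within(media_type, TX["allowed_request_content_type"])

def evaluate(req):
    """Return which of the two rules would match for one request."""
    return {"960032": rule_960032(req), "960010": rule_960010(req)}

# Constructed sample requests (method + the single header the rules care about).
REQUESTS = {
    "get_odd_ctype": {"method": "GET", "headers": {"Content-Type": "application/octet-stream"}},
    "post_form": {"method": "POST", "headers": {"Content-Type": "application/x-www-form-urlencoded; charset=UTF-8"}},
    "post_json": {"method": "POST", "headers": {"Content-Type": "application/json"}},
    "put_xml": {"method": "PUT", "headers": {"Content-Type": "text/xml"}},
}

if __name__ == "__main__":
    for name, req in REQUESTS.items():
        print(name, evaluate(req))
```

The GET request with an odd Content-Type matches neither rule, which is exactly the case the method pre-filter in 960010 exists for; the PUT request is caught by 960032 alone, and the JSON POST by 960010 alone.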