Begin forwarded message:
From: "[email protected]<mailto:[email protected]>" <[email protected]<mailto:[email protected]>> Date: July 21, 2011 7:59:55 AM EDT To: Ryan Barnett <[email protected]<mailto:[email protected]>> Subject: SF.net<http://SF.net> SVN: mod-security:[1820] crs/trunk Revision: 1820 <http://mod-security.svn.sourceforge.net/mod-security/?rev=1820&view=rev> http://mod-security.svn.sourceforge.net/mod-security/?rev=1820&view=rev Author: rcbarnett Date: 2011-07-21 11:59:54 +0000 (Thu, 21 Jul 2011) Log Message: ----------- Improvements: - Updated the SQLi Character Anomaly Detection Rules Bug Fixes: - Fixed Session Hijacking IP/UA hash captures Modified Paths: -------------- crs/trunk/CHANGELOG crs/trunk/base_rules/modsecurity_crs_20_protocol_violations.conf crs/trunk/base_rules/modsecurity_crs_21_protocol_anomalies.conf crs/trunk/base_rules/modsecurity_crs_23_request_limits.conf crs/trunk/base_rules/modsecurity_crs_30_http_policy.conf crs/trunk/base_rules/modsecurity_crs_35_bad_robots.conf crs/trunk/base_rules/modsecurity_crs_40_generic_attacks.conf crs/trunk/base_rules/modsecurity_crs_41_sql_injection_attacks.conf crs/trunk/base_rules/modsecurity_crs_41_xss_attacks.conf crs/trunk/base_rules/modsecurity_crs_42_tight_security.conf crs/trunk/base_rules/modsecurity_crs_45_trojans.conf crs/trunk/base_rules/modsecurity_crs_47_common_exceptions.conf crs/trunk/base_rules/modsecurity_crs_48_local_exceptions.conf.example crs/trunk/base_rules/modsecurity_crs_49_inbound_blocking.conf crs/trunk/base_rules/modsecurity_crs_50_outbound.conf crs/trunk/base_rules/modsecurity_crs_59_outbound_blocking.conf crs/trunk/base_rules/modsecurity_crs_60_correlation.conf crs/trunk/experimental_rules/modsecurity_crs_11_brute_force.conf crs/trunk/experimental_rules/modsecurity_crs_11_proxy_abuse.conf crs/trunk/experimental_rules/modsecurity_crs_11_slow_dos_protection.conf crs/trunk/experimental_rules/modsecurity_crs_25_cc_track_pan.conf crs/trunk/experimental_rules/modsecurity_crs_40_appsensor_detection_point_2.0_setup.conf crs/trunk/experimental_rules/modsecurity_crs_40_appsensor_detection_point_2.1_request_exception.conf crs/trunk/experimental_rules/modsecurity_crs_40_appsensor_detection_point_2.9_honeytrap.conf crs/trunk/experimental_rules/modsecurity_crs_40_appsensor_detection_point_3.0_end.conf crs/trunk/experimental_rules/modsecurity_crs_40_http_parameter_pollution.conf crs/trunk/experimental_rules/modsecurity_crs_41_advanced_filters.conf crs/trunk/experimental_rules/modsecurity_crs_42_csp_enforcement.conf crs/trunk/experimental_rules/modsecurity_crs_45_char_anomaly.conf crs/trunk/experimental_rules/modsecurity_crs_55_response_profiling.conf crs/trunk/experimental_rules/modsecurity_crs_56_pvs_checks.conf crs/trunk/experimental_rules/modsecurity_crs_61_ip_forensics.conf crs/trunk/modsecurity_crs_10_config.conf.example crs/trunk/optional_rules/modsecurity_crs_10_ignore_static.conf crs/trunk/optional_rules/modsecurity_crs_11_avs_traffic.conf crs/trunk/optional_rules/modsecurity_crs_13_xml_enabler.conf crs/trunk/optional_rules/modsecurity_crs_16_authentication_tracking.conf crs/trunk/optional_rules/modsecurity_crs_16_session_hijacking.conf crs/trunk/optional_rules/modsecurity_crs_16_username_tracking.conf crs/trunk/optional_rules/modsecurity_crs_25_cc_known.conf crs/trunk/optional_rules/modsecurity_crs_42_comment_spam.conf crs/trunk/optional_rules/modsecurity_crs_43_csrf_protection.conf crs/trunk/optional_rules/modsecurity_crs_46_av_scanning.conf crs/trunk/optional_rules/modsecurity_crs_47_skip_outbound_checks.conf crs/trunk/optional_rules/modsecurity_crs_49_header_tagging.conf crs/trunk/optional_rules/modsecurity_crs_55_application_defects.conf crs/trunk/optional_rules/modsecurity_crs_55_marketing.conf crs/trunk/slr_rules/modsecurity_crs_46_slr_et_joomla_attacks.conf crs/trunk/slr_rules/modsecurity_crs_46_slr_et_lfi_attacks.conf crs/trunk/slr_rules/modsecurity_crs_46_slr_et_phpbb_attacks.conf crs/trunk/slr_rules/modsecurity_crs_46_slr_et_rfi_attacks.conf crs/trunk/slr_rules/modsecurity_crs_46_slr_et_sqli_attacks.conf crs/trunk/slr_rules/modsecurity_crs_46_slr_et_wordpress_attacks.conf crs/trunk/slr_rules/modsecurity_crs_46_slr_et_xss_attacks.conf This was sent by the SourceForge.net<http://SourceForge.net> collaborative development platform, the world's largest Open Source development site. ________________________________ This transmission may contain information that is privileged, confidential, and/or exempt from disclosure under applicable law. If you are not the intended recipient, you are hereby notified that any disclosure, copying, distribution, or use of the information contained herein (including any reliance thereon) is STRICTLY PROHIBITED. If you received this transmission in error, please immediately contact the sender and destroy the material in its entirety, whether in electronic or hard copy format. _______________________________________________ Owasp-modsecurity-core-rule-set mailing list [email protected] https://lists.owasp.org/mailman/listinfo/owasp-modsecurity-core-rule-set
