Hey Eero,

I merged the PR earlier today; it is in the v3.1/dev branch if you want to try it. Christian generalized the rule so it just looks for 'F-Secure Radar' within the user agent; none of the random UIDs should cause false negatives.

Best of luck!

On Wed, Mar 14, 2018 at 6:57 PM, Eero Volotinen <eero.voloti...@iki.fi> wrote:

> Thanks, I will try to test it today/tomorrow.
>
> Also noticed that the user agent can also contain some random id string like
> '59e85179-1c46-4f3a-acd1-5c5f6967dc00'
> this might be related to scan task id? See grep from my logs:
>
> https://pastebin.com/6wnitcXQ
>
> Eero
>
> On Wed, Mar 14, 2018 at 11:09 PM, Christian Folini <christian.fol...@netnea.com> wrote:
>
>> Hey Eero,
>>
>> Thank you for the suggestion. I just made this into a pull request.
>>
>> https://github.com/SpiderLabs/owasp-modsecurity-crs/pull/1039
>>
>> Please try it out and confirm detection works as intended.
>> Ideally on github.
>>
>> Ahoj,
>>
>> Christian
>>
>> On Tue, Mar 13, 2018 at 02:20:30PM +0200, Eero Volotinen wrote:
>> > Hi,
>> > Please add entry for f-secure radar:
>> > #[1]https://www.f-secure.com/en/web/business_global/radar
>> > User-Agent: Mozilla/4.0 (Mozilla/4.0; MSIE 7.0; Windows NT 5.1; FDM; SV1; .NET CLR 3.0.04506.30) F-Secure Radar
>> > br,
>> > Eero
>> >
>> > References
>> >
>> > 1. https://www.f-secure.com/en/web/business_global/radar
>>
>> > _______________________________________________
>> > Owasp-modsecurity-core-rule-set mailing list
>> > Owasp-modsecurity-core-rule-set@lists.owasp.org
>> > https://lists.owasp.org/mailman/listinfo/owasp-modsecurity-core-rule-set
>>
>> --
>> https://www.feistyduck.com/training/modsecurity-training-course
>> https://www.feistyduck.com/books/modsecurity-handbook/
>> mailto:christian.fol...@netnea.com
>> twitter: @ChrFolini
>
> _______________________________________________
> Owasp-modsecurity-core-rule-set mailing list
> Owasp-modsecurity-core-rule-set@lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-modsecurity-core-rule-set

--
Chaim Sanders
http://www.ChaimSanders.com
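The effect of the generalization discussed in this thread, as an added example that is not part of the original messages or of the CRS code base: it runs both an exact match on the originally reported header and a case-insensitive substring match for 'F-Secure Radar' over access-log lines. Assumptions: the substring model of the rule, the exact-match baseline, the combined log format, and the constructed log lines, including where the random id sits in the header.

```python
import re
from collections import Counter

# Assumption: the generalized entry is modelled as a case-insensitive substring
# match on the User-Agent header; the thread only says the rule "looks for
# 'F-Secure Radar' within the user agent".
GENERALIZED = "f-secure radar"

# Full header from the original request, used as an assumed exact-match baseline.
EXACT = ("Mozilla/4.0 (Mozilla/4.0; MSIE 7.0; Windows NT 5.1; FDM; SV1; "
         ".NET CLR 3.0.04506.30) F-Secure Radar")

# Combined Log Format: the last two quoted fields are Referer and User-Agent.
LINE_RE = re.compile(r'^(?P<ip>\S+) .*"(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$')

# Constructed log lines (documentation IP ranges). The position of the random id
# in the real header is an assumption; the id value is the one quoted in the thread.
SAMPLE_LOG = """\
192.0.2.10 - - [14/Mar/2018:10:00:01 +0200] "GET / HTTP/1.1" 200 512 "-" "Mozilla/4.0 (Mozilla/4.0; MSIE 7.0; Windows NT 5.1; FDM; SV1; .NET CLR 3.0.04506.30) F-Secure Radar"
192.0.2.10 - - [14/Mar/2018:10:00:02 +0200] "GET /admin HTTP/1.1" 404 210 "-" "Mozilla/4.0 (Mozilla/4.0; MSIE 7.0; Windows NT 5.1; FDM; SV1; .NET CLR 3.0.04506.30) F-Secure Radar 59e85179-1c46-4f3a-acd1-5c5f6967dc00"
198.51.100.7 - - [14/Mar/2018:10:00:03 +0200] "GET / HTTP/1.1" 200 512 "-" "Mozilla/5.0 (X11; Linux x86_64) Firefox/59.0"
malformed line without quoted fields
"""

def user_agents(log_text):
    """Yield (client_ip, user_agent) for each parseable line; skip the rest."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            yield m.group("ip"), m.group("ua")

def compare(log_text):
    """Count hits per client for the exact-header match and the substring match."""
    exact, general = Counter(), Counter()
    for ip, ua in user_agents(log_text):
        if ua == EXACT:
            exact[ip] += 1
        if GENERALIZED in ua.lower():
            general[ip] += 1
    return exact, general

if __name__ == "__main__":
    exact, general = compare(SAMPLE_LOG)
    for ip in sorted(general):
        missed = general[ip] - exact[ip]
        print(f"{ip}: substring={general[ip]} exact={exact[ip]} missed_by_exact={missed}")
```

Running `compare` over a real access log in place of `SAMPLE_LOG` shows which scanner requests an exact-header entry would have let through unflagged.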