Where can I find ModSecurity rules for specific applications, especially Joomla, WordPress, Mambo?
- Have you tried looking at the website for ModSecurity? – pauska Apr 11 '12 at 22:01
- What kind of rules are you looking for? – voretaq7 Apr 11 '12 at 22:05
- Anything to reduce any attack on famous CMS!! Rules for SQL injection, XSS, etc. – Libyano Apr 12 '12 at 08:45
1 Answer
The OWASP Core Ruleset contains a set called slr_rules which are created by SpiderLabs Research to protect against known vulnerabilities. These rules are not activated in the default configuration.
There are separate files for phpBB, Joomla and WordPress as well as files covering XSS, RFI, LFI and SQL attacks in these and many other popular web applications. Mambo is included in this list.
Many of the rules have an identifier included that can tell you where the vulnerability was announced and/or documented. The tags appear like this:
tag:'bugtraq,33103'
tag:'url,www.milw0rm.com/exploits/4026'
tag:'url,www.securityfocus.com/bid/36741/'
tag:'cve,CVE-2007-2825'
tag:'url,www.inliniac.net/blog/?p=71'
tag:'url,www.osvdb.org/34164'
tag:'url,www.owasp.org/index.php/PHP_File_Inclusion'
Trustwave also publish lots of interesting research on the SpiderLabs blog and this often includes mod_security rules for blocking specific threats they have detected hitting their honeypots.
You might also have some luck looking in the forums and bug tracking databases of the web applications in question. They are the people with the best incentive to create mod_security rules for their own applications.

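As an added example (not part of the original answer or of the rule set itself): a short Python script that indexes the reference tags described in the answer, so you can see which rule ids cover a given CVE or Bugtraq id before enabling a rules file. The sample rules, their ids and the function names are constructed for illustration; only the tag values come from the answer.

```python
import re
from collections import defaultdict

# Constructed sample in the style of a rules file: rule ids, variables and
# patterns are made up; the tag values are the ones quoted in the answer.
SAMPLE_RULES = r'''
# constructed example rules
SecRule REQUEST_URI "@contains /example_component.php" \
    "phase:2,block,t:none,id:9990001,msg:'constructed sample rule A',\
    tag:'cve,CVE-2007-2825',tag:'url,www.osvdb.org/34164'"

SecRule ARGS:page "@rx ^(?:ht|f)tps?://" \
    "phase:2,block,id:9990002,msg:'constructed sample rule B',\
    tag:'bugtraq,33103',tag:'url,www.owasp.org/index.php/PHP_File_Inclusion'"

SecRule ARGS "@contains test" "phase:2,pass,id:9990003,msg:'no references'"
'''

ID_RE = re.compile(r"\bid:'?(\d+)'?")
# Reference tags have the form tag:'<type>,<value>'; category tags without a
# comma are deliberately not matched.
TAG_RE = re.compile(r"tag:'([A-Za-z]+),([^']+)'")

def logical_lines(text):
    """Join backslash-continued lines and keep only SecRule directives."""
    joined = re.sub(r"\\\r?\n\s*", "", text)
    return [l.strip() for l in joined.splitlines() if l.strip().startswith("SecRule")]

def index_references(text):
    """Return ({(ref_type, ref_value): [rule ids]}, [ids with no reference tag])."""
    index, unreferenced = defaultdict(set), []
    for line in logical_lines(text):
        m = ID_RE.search(line)
        rule_id = m.group(1) if m else "(no id)"
        refs = TAG_RE.findall(line)
        if not refs:
            unreferenced.append(rule_id)
        for kind, value in refs:
            index[(kind.lower(), value)].add(rule_id)
    return {k: sorted(v) for k, v in index.items()}, unreferenced

def rules_for_cve(text, cve):
    """Rule ids whose tags cite the given CVE identifier."""
    index, _ = index_references(text)
    return index.get(("cve", cve.upper()), [])

if __name__ == "__main__":
    index, unreferenced = index_references(SAMPLE_RULES)
    for (kind, value), ids in sorted(index.items()):
        print(f"{kind:8} {value:45} rules: {', '.join(ids)}")
    print("rules without a reference tag:", unreferenced)
```

To run it against real rule files, read each file's text and pass it to index_references in place of SAMPLE_RULES.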