Kim | 3 Jul 13:03

Error normalizing REQUEST_URI

 
Folks:
 
I saw these logs; some of our developers were testing this out. Was this a problem with URL encoding in the test case, or a problem with the mod_security normalization functions (logs were edited for site-sensitive info)? This happens on a 1.x system.
 
Thanks,
 
 
 "GET /index.php/view/search/?query_string=nessus&search=../../../../../../../../etc/passwd%00 HTTP/1.1"  Error normalizing REQUEST_URI: Invalid character detected [0]
 
 "GET /index.php/view/search/?query_string=nessus&search=../../../../../../../../etc/passwd%00.html HTTP/1.1" 500  Error normalizing REQUEST_URI: Invalid character detected [0]

 "PUT /%08x HTTP/1.1"  Error normalizing REQUEST_URI: Invalid character detected [8]

  "DELETE /%08x HTTP/1.1"  500  Error normalizing REQUEST_URI: Invalid character detected [8]

Talk is cheap. Use Yahoo! Messenger to make PC-to-Phone calls. Great rates starting at 1¢/min.
Using Tomcat but need to do more? Need to support web services, security?
Get stuff done quickly with pre-integrated technology to make your job easier
Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo
http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642
_______________________________________________
mod-security-users mailing list
mod-security-users <at> lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/mod-security-users
Ivan Ristic | 3 Jul 16:36

Re: Error normalizing REQUEST_URI

On 7/3/06, Kim <kim.galieo <at> yahoo.com> wrote:
>
>
> Folks:
>
> I saw these logs, some of our developers were testing this out. Was this
> problem with URL encoding in the test case or problem with mod_security
> normalization functions (logs were edited for site sensitive info). This
> happens on 1.x system.

Those all look like attacks to me. That and you have ModSecurity
configured to reject certain bytes (see your SecFilterForceByteRange
configuration).

--

-- 
Ivan Ristic, Technical Director
Thinking Stone, http://www.thinkingstone.com
ModSecurity: Open source Web Application Firewall

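The check Ivan is pointing at can be reproduced outside the module. The added example below is not ModSecurity code; it mirrors what the 1.x normalization step does to REQUEST_URI before the byte-range filter runs: percent-decode the URI, then reject any decoded byte outside the allowed range. The range 32-126 is an assumption about the poster's `SecFilterForceByteRange` line (the directive exists in 1.x; the specific values are not given in the thread), and the request lines are constructed to match the shapes in the original log entries, which is why the `%00` and `%08` requests produce the same "[0]" and "[8]" values the poster saw.

```python
"""Reproduce the ModSecurity 1.x "Invalid character detected [n]" check on
REQUEST_URI.  Added illustration, not ModSecurity source.  The 32-126 range
is an assumed `SecFilterForceByteRange 32 126` setting."""
from urllib.parse import unquote_to_bytes

# Constructed request lines, modelled on the ones in the original post.
SAMPLE_REQUESTS = [
    "GET /index.php/view/search/?query_string=nessus"
    "&search=../../../../../../../../etc/passwd%00 HTTP/1.1",
    "PUT /%08x HTTP/1.1",
    "GET /index.php/view/search/?query_string=nessus&search=nessus HTTP/1.1",
]


def request_uri(request_line: str) -> str:
    """Extract REQUEST_URI: the token between the method and the protocol."""
    parts = request_line.split(" ")
    if len(parts) != 3:
        raise ValueError("malformed request line: %r" % request_line)
    return parts[1]


def out_of_range_bytes(uri: str, low: int = 32, high: int = 126) -> list:
    """Percent-decode the URI once (the normalization step) and return every
    decoded byte value outside [low, high], in order of appearance.
    Decoding happens before the range check, so %00 is judged as byte 0,
    not as the three printable characters '%', '0', '0'."""
    decoded = unquote_to_bytes(uri)
    return [b for b in decoded if b < low or b > high]


def check_request(request_line: str, low: int = 32, high: int = 126):
    """Return None when the request passes the byte-range filter, otherwise a
    message in the style of the original log entry naming the first
    offending byte (the hypothetical equivalent of the 1.x log line)."""
    bad = out_of_range_bytes(request_uri(request_line), low, high)
    if not bad:
        return None
    return "Error normalizing REQUEST_URI: Invalid character detected [%d]" % bad[0]


if __name__ == "__main__":
    for line in SAMPLE_REQUESTS:
        print(line, "->", check_request(line) or "ok")
```

The byte-range filter catches these requests without any traversal or NUL-byte signature: it only needs to know that a decoded byte 0 or 8 has no business in a URI. That is also why tightening the range to what the application actually uses is a cheap, signature-free layer in front of the more specific filters.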
Ivan Ristic | 3 Jul 19:07

ModSecurity Console Now Available...

Those of you that rely on ModSecurity daily might be interested to
learn that the final release of ModSecurity Console is now very close.
Today I uploaded v1.0.0-rc-2 (release candidate 2) to Thinking Stone
Network (https://www.thinkingstone.com/tsn/). I have been using the
console for months now and it has been perfectly reliable.

Here's the feature list (directly from the web site -
http://www.thinkingstone.com/products/console/):

1. Self-contained application that comes with an embedded web server
and an embedded database.
2. Collects logs and alerts from any number of remote sensors in real
time (reliably, securely, buffered, with support for disconnected
operation).
3. Built on top of a reliable high-performance framework designed to
handle a large number of network events.
4. User interface provides support for sensor, alert, and
transaction management.
5. Runs on any platform that supports JDK/JRE 1.4 or better.
6. Installs in under five minutes. (Installation on Windows and
Linux is fully automated.)
7. Automated maintenance options keep the database at a manageable size.
8. Sensor activity history.
9. Alerting facilities.
10. Reporting facilities. Nice and shiny reports in PDF format can
be scheduled or produced on-demand. Automatic distribution via email.
11. Automatic DNS and Geo IP resolution.

On top of this, there's a $100 Early Adopter Discount, so it only
costs $350 at the moment.

If you ever wondered if there was something you could do to ensure the
continued availability and freedom of ModSecurity - this is a perfect
opportunity to act :)

With ModSecurity Console at the end of its development cycle I will be
focusing on getting ModSecurity 2.x out of the door soon too.

--

-- 
Ivan Ristic, Technical Director
Thinking Stone, http://www.thinkingstone.com
ModSecurity: Open source Web Application Firewall

Ivan Ristic | 3 Jul 19:17

Forrester evaluation of web application firewalls

During April and May I participated in a web application firewall
evaluation conducted by Forrester Research. It was a big event:
ModSecurity went head to head with other major web application
firewalls. I am happy to say we did really well!

The report is not publicly available but the summaries are. The
starting point is here:
http://www.forrester.com/Research/Document/Excerpt/0,7211,38766,00.html

Keep clicking the vendor names to get more information. Our summary is at:
http://www.forrester.com/Research/Document/Excerpt/0,7211,39714,00.html

If you have ever doubted ModSecurity because it's free or open source
now you know we can hold our own against the best WAFs out there :)

The obvious problem with ModSecurity is the lack of a proper (read:
GUI) management interface, and they have rightly pointed that out.
Once we catch up with the user interface (which I expect to happen
within 6-8 months) I strongly believe we will be a strong competitor
for the leadership.

--

-- 
Ivan Ristic, Technical Director
Thinking Stone, http://www.thinkingstone.com
ModSecurity: Open source Web Application Firewall

Ryan Barnett | 3 Jul 19:25

Re: Forrester evaluation of web application firewalls

Ivan,
In the summary, he states the following -
 
To compete in this market, ModSecurity must add the key missing functionalities, such as automatic policy learning and cookie, URL, and parameter protection.

What was he referring to?  ModSecurity currently has the capability to create filters (either positive/negative) for cookies, URLs and parameters.  What am I missing here?  What did they test in order to make that statement?
 
Other than that, congrats to you on the success of ModSecurity!  It is an outstanding app and you have done an incredible job in both developing and supporting it.
 
Keep up the fantastic work.
 
--
Ryan C. Barnett
Web Application Security Consortium (WASC) Member
CIS Apache Benchmark Project Lead
SANS Instructor, GCIA, GCFA, GCIH, GSNA, GCUX, GSEC
Author: Preventing Web Attacks with Apache
 
On 7/3/06, Ivan Ristic <ivan.ristic <at> gmail.com> wrote:
During April and May I participated in a web application firewall
evaluation conducted by Forrester Research. It was a big event:
ModSecurity went head to head with other major web application
firewalls. I am happy to say we did really well!

The report is not publicly available but the summaries are. The
starting point is here:
http://www.forrester.com/Research/Document/Excerpt/0,7211,38766,00.html

Keep clicking the vendor names to get more information. Our summary is at:
http://www.forrester.com/Research/Document/Excerpt/0,7211,39714,00.html

If you have ever doubted ModSecurity because it's free or open source
now you know we can hold our own against the best WAFs out there :)

The obvious problems with ModSecurity is the lack of a proper (read:
GUI) management interface, and they have rightly pointed that out.
Once we catch up with the user interface (which I expect to happen
within 6-8 months) I strongly believe we will be a strong competitor
for the leadership.

--
Ivan Ristic, Technical Director
Thinking Stone, http://www.thinkingstone.com
ModSecurity: Open source Web Application Firewall

Ivan Ristic | 3 Jul 19:35

Re: Forrester evaluation of web application firewalls

On 7/3/06, Ryan Barnett <rcbarnett <at> gmail.com> wrote:
>
> Ivan,
> In the summary, he states the following -
>
> To compete in this market, ModSecurity must add the key missing
> functionalities, such as automatic policy learning and cookie, URL, and
> parameter protection.
>
> What was he referring to?  ModSecurity currently has the capability to
> create filters (either positive/negative) for cookies, URLs and parameters.
> What am I missing here?  What did they test in order to make that statement?

He's referring to cookie encryption and link signing. Both of which
could be coming in 2.1 (not sure yet).

> Other than that, congrats to you on the success of ModSecurity!  It is an
> outstanding app and you done an incredible job in both developing and
> supporting it.
>
> Keep up the fantastic work.

Thanks!

--

-- 
Ivan Ristic, Technical Director
Thinking Stone, http://www.thinkingstone.com
ModSecurity: Open source Web Application Firewall

Tom Anderson | 3 Jul 19:36

Re: Forrester evaluation of web application firewalls

Ivan Ristic wrote:
> The obvious problems with ModSecurity is the lack of a proper (read:
> GUI) management interface, and they have rightly pointed that out.
> Once we catch up with the user interface (which I expect to happen
> within 6-8 months) I strongly believe we will be a strong competitor
> for the leadership.

I don't think that GUIs belong on a server, and I certainly wouldn't 
call the lack of such a "problem".  I use Gentoo (without X), Apache, 
etc., because I can install the smallest amount of code necessary to 
achieve my objectives, know exactly what that code is doing, and not 
have to put up with thousands of undocumented security holes as a result 
of extraneous software and functionality.  An Apache configuration and 
logging interface to mod_security is all I need or want.  Perhaps 
"certified" technicians can't live without a GUI, but hackers love them 
just as much.  I'm quite content with the configuration interface 
currently available.  The furthest I would go toward a GUI is to pipe 
the logs through a program like AWStats to make charts and graphs of 
intrusions.  I would never endorse a Windows philosophy of programming 
or administration.

Tom

P.S. The Forrester links did not work.

Jim Watt | 3 Jul 19:27

Re: Forrester evaluation of web application firewalls

On 7/3/2006 10:17 AM, Ivan Ristic wrote:
> During April and May I participated in a web application firewall
> evaluation conducted by Forrester Research. It was a big event:
> ModSecurity went head to head with other major web application
> firewalls. I am happy to say we did really well!

Congratulations, Ivan!  That review was well-deserved.

This sentence says it all:

"ModSecurity's stringent implementation standards — build nothing unless you approach the highest
level of security — will push the entire Web application firewall market toward higher-quality products."

I'm glad they noticed! :)

Jim
--

-- 
Jim Watt                           EMAIL: jim @ Watt.COM
1044 Belvedere Lane                Voice: +1 408 446 9677
San Jose, CA 95129-2901            Fax:   +1 408 446 4907

Ivan Ristic | 3 Jul 19:47

Re: Forrester evaluation of web application firewalls

On 7/3/06, Tom Anderson <tanderso <at> oac-design.com> wrote:
> Ivan Ristic wrote:
> > The obvious problems with ModSecurity is the lack of a proper (read:
> > GUI) management interface, and they have rightly pointed that out.
> > Once we catch up with the user interface (which I expect to happen
> > within 6-8 months) I strongly believe we will be a strong competitor
> > for the leadership.
>
> I don't think that GUIs belong on a server

And I don't intend to put them there. The GUI would be implemented in
the central (management) console.

>, and I certainly wouldn't
> call the lack of such a "problem"

There are some things that are difficult to do from the command line.
Forensic research is one of them. Automated policy development is
another. My approach is to have both text-based configuration and a
GUI. Also, it is very difficult to sell a product without a GUI.

> P.S. The Forrester links did not work.

They do for me.

--

-- 
Ivan Ristic, Technical Director
Thinking Stone, http://www.thinkingstone.com
ModSecurity: Open source Web Application Firewall


Re: Forrester evaluation of web application firewalls

On Mon, Jul 03, 2006 at 06:17:46PM +0100, Ivan Ristic wrote:
> During April and May I participated in a web application firewall
> evaluation conducted by Forrester Research. It was a big event:
> ModSecurity went head to head with other major web application
> firewalls. I am happy to say we did really well!

Congratulations Ivan. ModSecurity is a superb work. It deserves the best
critics.

Regards,

Alberto

--

-- 
Alberto Gonzalez Iniesta    | Training, consulting and technical support
agi@(inittab.org|debian.org)| in GNU/Linux and free software
Encrypted mail preferred    | http://inittab.com

Key fingerprint = 9782 04E7 2B75 405C F5E9  0C81 C514 AF8E 4BA4 01C3

