SONNY LASKAR | 1 Jun 11:27

Fwd: mod_usertrack for User Tracking

Hi,
I am new to mod_usertrack.
Has anyone used this?
I have configured mod_usertrack.
The logs contain a unique number appended to the IP address of the remote host.
But if I close the browser then the number gets changed.
So how can I track that user?
Can anyone explain this to me?

Thanks

Regards
Sonny
INDIA

_______________________________________________
mod-security-users mailing list
mod-security-users <at> lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/mod-security-users
Commercial ModSecurity Appliances, Rule Sets and Support:
http://www.modsecurity.org/breach/index.html

christian.folini | 2 Jun 07:15

Re: Fwd: mod_usertrack for User Tracking

Hey SONNY,

This list is focussing on ModSecurity. Mod_Usertrack is a topic for
the Apache mailing list.

Otherwise, check the documentation of Mod_Usertrack. What you are
looking for is probably this:
http://httpd.apache.org/docs/2.2/mod/mod_usertrack.html#cookieexpires

Be sure you understand how cookies work.

Regs,

Christian 

-- 
Christian Folini, IT 222
Webserver Security Engineer

-----Original Message-----
From: SONNY LASKAR [mailto:sonnylaskar <at> gmail.com] 
Sent: Monday, 1 June 2009 11:27
To: mod-security-users <at> lists.sourceforge.net
Subject: [mod-security-users] Fwd: mod_usertrack for User Tracking

Hi,
I am new to mod_usertrack.
Has anyone used this.
I have configured mod_usertrack.
The logs contain a unique number appended to the IP address of the remote host.
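
The behaviour the reply above points to, as an added example that is not part of the original thread: without CookieExpires, mod_usertrack issues a session cookie that the browser discards on close, which is why the logged identifier changes. The log file name, format nickname and two-week lifetime are assumptions chosen for illustration.

```apache
# Added example (not from the thread). Log path, format nickname and the
# two-week lifetime are assumed values.

# Before: tracking enabled with no expiry. The cookie is a session cookie,
# so the browser drops it on close and the next visit gets a new identifier.
#   CookieTracking on

# After: same tracking cookie, but persisted across browser restarts.
CookieTracking on
CookieName Apache
# Non-numeric periods must be quoted; a bare number means seconds.
CookieExpires "2 weeks"

# mod_usertrack stores the identifier in the "cookie" note; log it next to
# the client address so that requests can be correlated per browser.
LogFormat "%h %{cookie}n %t \"%r\" %>s" usertrack
CustomLog logs/usertrack_log usertrack

# The value is chosen and stored client-side: users can delete or replay it.
# Treat it as a clickstream hint, never as an authentication or identity proof.
```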

SONNY LASKAR | 2 Jun 12:49

USE of GEOIP in mod Security

Dear All,
I have heard about GeoIP.
Will anyone tell me how to configure it?
I am using Apache 2.2.11 with Mod Security 2.5.7.
I downloaded a GeoIp.dat file but could not proceed much.

Regards
SONNY
India


Ryan Barnett | 3 Jun 21:36

Detecting ModSecurity with WafW00f

Some of you may have seen/heard about the “Truth about Web Application Firewalls: What vendors don’t want you to know” presentation from the recent OWASP AppSec EU conference in Poland.  I have received a few questions about the tool that they released called wafw00f and how it can potentially be used to identify ModSecurity installations.  I went ahead and just released a blog post on this topic - http://tacticalwebappsec.blogspot.com/2009/06/waf-detection-with-wafw00f.html.  Let me know if you have any questions/comments.

 

-Ryan

Ryan Barnett | 3 Jun 22:12

ModSecurity Training at Blackhat USA 2009

I wanted to send another note to the list to remind everyone that I will be teaching the ModSecurity training class at the upcoming Blackhat USA 2009 conference in Las Vegas, NV (http://blog.modsecurity.org/2009/05/modsecurity-training-at-blackhat-usa-2009.html).  Here is a breakdown of the basic course outline - 

 

Course Syllabus (detailed) –

Day 1: ModSecurity Overview and Rules Writing Workshop
·  Introduction to Web Application Firewalls
·  ModSecurity 2.5 Overview
·  ModSecurity Rules Language Primer
   o  Request Phases
   o  Variables
   o  Transformation Functions
   o  Chain for Complex Rules
   o  Persistent Collections
   o  Anomaly Scoring
   o  Debug Log
·  Core Rule Set Overview (version 1.7.0)
·  Handling False Positives and Creating Exceptions

Day 2: Web Application Protection Lab
·  Virtual Patching Overview
·  Virtual Patching Lab: Securing Webgoat with ModSecurity

Hands on Exercises

Hands-on labs will include installation and use of the ModSecurity and the OWASP Core Rule Set (CRS) on day 1, and a unique challenge on day 2 where the participants will have to use ModSecurity to try and mitigate as many vulnerabilities as possible in the OWASP Webgoat application.

An important note with regards to the Core Rule Set overview – notice the version number 1.7.0.  We are currently putting the finishing touches on an extensive CRS update and we will be reviewing the new rule set structure during the class.  I also wanted to ask the community for some feedback to help decide what topics we should cover during the training.  Please let me know the following –

1)      If there are any specific topics that are missing and you feel should be covered, and

2)      If you are planning to attend the training.

Obviously, we will give greater consideration to those individuals who are planning to attend so that we can tailor the class accordingly.

Thanks,

Ryan

 

Christian Folini | 4 Jun 07:31

Re: Detecting ModSecurity with WafW00f

Hi there,

Thanks for mentioning this presentation, Ryan. I have been attracted by
the pretentious title - and I left completely disappointed after a 40min
waste of time.

So the truth about WAFs is that you can detect/fingerprint them?
It sure takes an expert to find out. I have not checked the
sourcecode of the tool, but I am not surprised they go for the
most obvious behaviour characteristics. The ones that can be
faked most easily. 

Do not get me wrong: I like people providing tools like wafw00f.
It is nice to have a tool that automates the task of fingerprinting
a WAF. But the authors should not sell it like a secret of the industry
and a big investigative discovery.

The 2nd part of the presentation was not any better either, but
I should better stop my rant here.

Best regards,

Christian Folini

On Wed, Jun 03, 2009 at 03:36:10PM -0400, Ryan Barnett wrote:
> Some of you may have seen/heard about the "Truth about Web Application Firewalls: What vendors don't want you to know" presentation from the recent OWASP AppSec EU conference in Poland.  I have received a few questions about the tool that they released called wafw00f and how it can potentially be used to identify ModSecurity installations.  I went ahead and just released a blog post on this topic - http://tacticalwebappsec.blogspot.com/2009/06/waf-detection-with-wafw00f.html.  Let me know if you have any questions/comments.
> 
> -Ryan


christian.folini | 4 Jun 11:28

Re: ModSecurity Training at Blackhat USA 2009

Hey Ryan,
 
Thank you for sharing your course program with us.
 
This looks like an interesting course to me. Especially the emphasis on
Stephen's work regarding Webgoat is very interesting.
(for those who did not notice, it has appeared in print:
 
What I miss is a detailed discussion of the audit-log format. Maybe
together with a closer look at the console or Christian Bockermann's
audit-viewer. (-> www.jwall.org)
 
I wish I could participate at your teaching, but US Blackhat is a bit too far
for me.
 
Regs,
 
Christian
 

--
Christian Folini, IT 222
Webserver Security Engineer

 

Ryan Barnett | 4 Jun 14:05

Re: Detecting ModSecurity with WafW00f

-----Original Message-----
From: Christian Folini [mailto:christian.folini <at> time-machine.ch] 
Sent: Thursday, June 04, 2009 1:32 AM
To: Ryan Barnett
Cc: mod-security-users <at> lists.sourceforge.net
Subject: Re: [mod-security-users] Detecting ModSecurity with WafW00f

Hi there,

Thanks for mentioning this presentation, Ryan. I have been attracted by
the pretentious title - and I left completely disappointed after a 40min
waste of time.

So the truth about WAFs is that you can detect/fingerprint them?
It sure takes an expert to find out. I have not checked the
sourcecode of the tool, but I am not surprised they go for the
most obvious behaviour characteristics. The ones that can be
faked most easily.

Do not get me wrong: I like people providing tools like wafw00f.
It is nice to have a tool that automates the task of fingerprinting
a WAF. But the authors should not sell it like a secret of the industry
and a big investigative discovery.

The 2nd part of the presentation was not any better either, but
I should better stop my rant here.

[Ryan Barnett] Sounds like you were actually in attendance at the conference so you obviously have a different perspective than I do (with regards to wasted time... :)  Yeah, the identification topic is somewhat interesting however it certainly doesn't live up to the title of the talk.  The evasion section, which I will do a blog post on soon, was more interesting to me and my understanding was that they had some technical difficulties with the demoes and weren't able to show everything live during the preso.  WAF evasions for negative security rules/signatures? Duh.  Specifically with XSS, there are just too many ways to create functionally equivalent XSS code in JS that can bypass regex rules.  From a negative security perspective, WAF rules are much like AV dat files where you are constantly behind the curve of the bad guys and have to react to identified bypasses by creating new rules.  The positive security bypass issues, however, were more interesting to me as they highlight deeper issues with the regular expression engine configuration combined with poor regex rules.

My general feeling with this WAF bypass topic is that it is *not* newsworthy to report on evasions of
negative security rules, however it is important to report on underlying problems with the WAF software
itself such as the DoS issue we have with ModSecurity
(http://blog.modsecurity.org/2009/03/modsecurity-vulnerabilities-fixed.html)  or Imperva's
XSS vuln in their console
(http://www.juniper.net/security/auto/vulnerabilities/vuln28279.html). 

Christian Folini | 4 Jun 14:42

Re: Detecting ModSecurity with WafW00f

On Thu, Jun 04, 2009 at 08:39:43AM -0400, Ryan Barnett wrote:
> Additionally, Brian Rectanus and I were discussing the possibility of hosting a "smoke-test" app on the Mod site similar to what PHP-IDS is doing here - http://demo.php-ids.org/ - which would allow the community to test bypass issues without having to download/install Mod themselves.

Yes, that would be a very good idea.

Regs,

Christian

-- 
Freedom is the freedom to say that two plus two make four. If that
is granted, all else follows.
--- George Orwell in Nineteen Eighty-Four


Joris Lambrecht | 4 Jun 14:23

x-powered-by php N.N.N

Hi,

First and probably obsolete post to mod-security-users.

I've set expose_php = Off in php.ini, still the HTTP headers display
the version information for PHP, also. I've set a rewrite of the
headers to a different version and distro.

It must be something I'm overlooking or did not yet read about.

Regards,

Joris
