[prev in list] [next in list] [prev in thread] [next in thread] 

List:       mod-security-users
Subject:    [mod-security-users] Re: Re: Log-parser
From:       "Evert" <evert () digipix ! org>
Date:       2005-05-23 21:15:29
Message-ID: d6th2c$v5k$1 () sea ! gmane ! org
[Download RAW message or body]

> The problem with this approach is
> what will your script do if the client submits non-standard client
> headers?  Will this be reported?

nope. but i hadn't seen any other tokens then the tokens i search for
in my parser script, so i didn't know that others where available.
what i can do is make an extra field in the dbase with 'other tokens'
then the tokens i search for... or redesign the parser to include only
the tokens that are available for a specific 'attack'. hmm. let me think
about this.

maybe you can help me a bit by sending some entries of your audit_log
with those extra headers.

kind regards,
Evert





-------------------------------------------------------
This SF.Net email is sponsored by Oracle Space Sweepstakes
Want to be the first software developer in space?
Enter now for the Oracle Space Sweepstakes!
http://ads.osdn.com/?ad_id=7412&alloc_id=16344&op=click
_______________________________________________
mod-security-users mailing list
mod-security-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/mod-security-users
[prev in list] [next in list] [prev in thread] [next in thread]