[prev in list] [next in list] [prev in thread] [next in thread]
List: mod-security-users
Subject: Re: [mod-security-users] Rule causing Modsecurity to Segfault
From: kwenu <uzoka_a () yahoo ! co ! uk>
Date: 2011-08-29 11:24:10
Message-ID: 4E5B76DA.2060909 () yahoo ! co ! uk
[Download RAW message or body]
[Attachment #2 (multipart/alternative)]
Fixed
error_log
[Mon Aug 29 11:21:55 2011] [notice] ModSecurity for Apache/2.6.1
(http://www.modsecurity.org/) configured.
[Mon Aug 29 11:21:55 2011] [notice] ModSecurity: APR compiled
version="1.3.12"; loaded version="1.3.12"
[Mon Aug 29 11:21:55 2011] [notice] ModSecurity: PCRE compiled
version="8.12"; loaded version="8.12 2011-01-15"
[Mon Aug 29 11:21:55 2011] [notice] ModSecurity: LIBXML compiled
version="2.6.23"
To resolve this issue i had to recompile our rpms - that is apache
2.2.19 and modsecurity 2.6.1 with apr, apr-util (1.3.12) and PCRE 8.12
Apache configuration from ./configure
--with-pcre=/usr/local/pcre/8.12/pcre-config \
--with-apr=/usr/local/apr/1.3.12/bin/apr-1-config \
--with-apr-util=/usr/local/apr-util/1.3.12/apu-1-config
Modsecurity was slightly more complex - this is what i had to do because
for some reason running configure broke on our build sytem
%define external_pcre 1
%if %{external_pcre}
. %{component_prefix}/%{TM_Pcre}-%{TM_Pcre_Build_Number}
%endif
if test -n ${PCRE_BINDIR}; then
if test -x ${PCRE_BINDIR}/pcre-config ; then
# fix to allow pcre libs and headers to be used
CFLAGS="$RPM_OPT_FLAGS `${PCRE_BINDIR}/pcre-config --cflags | sed
's/ *$//'`"
PCRE_LDADD="$PCRE_LDADD `${PCRE_BINDIR}/pcre-config --libs`"
fi
fi
export CFLAGS PRCE_LDADD
%if %{external_pcre}
--enable-pcre-study \
--with-pcre=${PCRE_BINDIR}/pcre-config \
%endif
--with-apr=$APR_BINDIR/apr-1-config \
--with-apu=$APR_UTIL_BINDIR/apu-1-config \
i have a simple
Testing proves that content is being returned correctly - i do get a
segmentation fault but only one after a cold restart
So this works thus far - will update when i get into work as i will
spider crawl the test website
Its a bank holiday here so have to wash and take the family out
Thanks for your help Breno
On 25/08/11 02:45, Breno Silva wrote:
> Hey Kwenu,
>
> Another user sent me informations in the same thread you open and i
> think it was you. So my suggestions is not for you :)
> Sorry for that confusion ...
>
> Please if you can send me your dump i will help you
>
> thanks
>
> Breno
>
> On Wed, Aug 24, 2011 at 7:45 AM, Breno Silva <breno.silva@gmail.com
> <mailto:breno.silva@gmail.com>> wrote:
>
> Ok kwenu,
>
> Did you set the SecPcre* directives i mention ?
>
> Thanks
>
> Breno
>
>
> On Wed, Aug 24, 2011 at 5:50 AM, kwenu <uzoka_a@yahoo.co.uk
> <mailto:uzoka_a@yahoo.co.uk>> wrote:
>
> Im using modsecurity 2.6.1 and crs 2.2.1
>
> I managed to figure out why dumps were not being created and
> this was due to the init script that calls a external script
> that checks to see whether a variable for ulimit -c is set and
> if not defaults the setting to 0.
>
> That done the crash dumps were practically useless - urhhhhhh
>
> Anyway im going to have to use apaches bundled version of pcre
> and hack it somewhat to work with our customised version of
> modsecurity spec file
>
> Thats the only way around this since recompiling apaches
> against OS pcre is out of the question for now
>
> Ill let you know if this works
>
>
>
>
> On 23/08/11 13:47, Breno Silva wrote:
> > Kwenu,
> >
> > Another important stuff is to have the same PCRE library
> > compiled with apache and modsecurity. The crashes we saw
> > until now is 100% caused by different library versions.
> >
> > What modsecurity version are u using ?
> >
> > thanks
> >
> > Breno
> >
> > On Tue, Aug 23, 2011 at 7:32 AM, Breno Silva
> > <breno.silva@gmail.com <mailto:breno.silva@gmail.com>> wrote:
> >
> > Hi Kwenu,
> >
> > Did you set ?
> >
> > * 6.28 SecPcreMatchLimit
> > <https://sourceforge.net/apps/mediawiki/mod-security/index.php?title=Reference_Manual#SecPcreMatchLimit>
> >
> > * 6.29 SecPcreMatchLimitRecursion
> > <https://sourceforge.net/apps/mediawiki/mod-security/index.php?title=Reference_Manual#SecPcreMatchLimitRecursion>
> >
> >
> >
> >
> > On Tue, Aug 23, 2011 at 6:06 AM, kwenu
> > <uzoka_a@yahoo.co.uk <mailto:uzoka_a@yahoo..co.uk>> wrote:
> >
> > I cannot get a core dump - we have a customised build
> > of apache using our own modules -
> >
> > Im currently using ltrace as strace did not show
> > anything other than mprotect call that was followed
> > by a kill SIGSEGV
> >
> > Ill ltrace this and send as soon as
> >
> > On 22/08/11 18:24, Breno Silva wrote:
> > > Hi Kwenu,
> > >
> > > Please follow this instructions and send me in
> > > private e-mail. What is your ModSecurity and Apache
> > > version ? if it is 2.6.x please send me the
> > > libraries versions you are using (you can get this
> > > info into error.log).
> > >
> > > Make sure there is a core dump area with something like:
> > >
> > > CoreDumpDirectory /tmp
> > >
> > > Make sure limits are set to dump core:
> > >
> > > ulimit -c unlimited
> > >
> > > Restart and trigger the error. A core file should
> > > be in the directory
> > > you specified.
> > >
> > > Then use gdb to get a backtrace:
> > >
> > > 1) gdb /path/to/httpd /path/to/core
> > > 2) within gdb enter:
> > >
> > > thread apply all bt full
> > >
> > > You can get it into a file with something like:
> > >
> > > gdb /path/to/httpd /path/to/core --batch --quiet \
> > > -ex "thread apply all bt full" > backtrace.log
> > >
> > >
> > > Please send me back the backtrace.log
> > >
> > > Thanks
> > >
> > > Breno
> > >
> > > On Mon, Aug 22, 2011 at 12:05 PM, kwenu
> > > <uzoka_a@yahoo.co.uk <mailto:uzoka_a@yahoo.co.uk>>
> > > wrote:
> > >
> > > Hi
> > >
> > > We are using a custom install of apache httpd
> > > compiled against APR 1.49 using MPM worker and
> > > PHP to server dynamic content
> > >
> > > The following rule here is causing the web
> > > server not to return any images but text only
> > > for intermittent requests
> > >
> > > The httpd error_log file emits the following
> > > error message
> > >
> > > [notice] child pid 25571 exit signal
> > > Segmentation fault (11)
> > >
> > > I have tried attaching gdb and strace (strace
> > > did provide some clues but not alot - "strace -v
> > > -f -p 12345 /tmp/httpd-strace" ) to it since i
> > > cannot get a coredump going at all even after
> > > setting CoreDumpDirectory /tmp and setting
> > > ulimit -c unlimited for the user that the
> > > process runs under
> > >
> > > When i remove the following line from
> > > modsecurity_crs_48_globalexceptions.conf web
> > > pages are returned correctly albeit error
> > > messages are still emitted
> > >
> > > SecRule
> > > &TX:'/981173-WEB_ATTACK/RESTRICTED_SQLI_CHARS-TX:restricted_sqli_char_count/'
> > > "@gt 0" "setvar:tx.anomaly_score=-4"
> > >
> > > The above rule was the only way i could set the
> > > anomaly score for rule 981173. I would have
> > > prefered updating the operator "@ge 4" instead
> > > but cannot find a way of doing this
> > >
> > > modsecurity_crs_41_sql_injection_attacks.conf:
> > > SecRule TX:RESTRICTED_SQLI_CHAR_COUNT "@ge 4"
> > > "phase:2,t:none,block,id:'981173',rev:'2.2.1',msg:'Restricted
> > > SQL Character Anomaly Detection Alert - Total #
> > > of special characters
> > > exceeded',logdata:'%{matched_var}',setvar:tx.anomaly_score=+%{tx.warning_anomaly \
> > > _score},setvar:tx.sql_injection_score=+1,setvar:'tx.msg=%{rule.msg}',setvar:tx.%{rule.id
> > > <http://rule.id>}-WEB_ATTACK/RESTRICTED_SQLI_CHARS-%{matched_var_name}=%{tx.0}"
> > >
> > > Is there a better way of updating the above
> > > rules operator "@ge 4" so that i can increase
> > > count thereby dealing with the false positives
> > > that are created by this rule??
> > >
> > >
> > >
> > >
> > >
> > > ------------------------------------------------------------------------------
> > > uberSVN's rich system and user administration
> > > capabilities and model
> > > configuration take the hassle out of deploying
> > > and managing Subversion and
> > > the tools developers use with it. Learn more
> > > about uberSVN and get a free
> > > download at: http://p.sf.net/sfu/wandisco-dev2dev
> > >
> > > _______________________________________________
> > > mod-security-users mailing list
> > > mod-security-users@lists.sourceforge.net
> > > <mailto:mod-security-users@lists.sourceforge.net>
> > > https://lists.sourceforge.net/lists/listinfo/mod-security-users
> > > ModSecurity Services from Trustwave's SpiderLabs:
> > > https://www.trustwave.com/application-security.php
> > >
> > >
> > >
> > > ------------------------------------------------------------------------------
> > > uberSVN's rich system and user administration capabilities and model
> > > configuration take the hassle out of deploying and managing Subversion and
> > > the tools developers use with it. Learn more about uberSVN and get a free
> > > download at:http://p.sf.net/sfu/wandisco-dev2dev
> > >
> > >
> > > _______________________________________________
> > > mod-security-users mailing list
> > > mod-security-users@lists.sourceforge.net \
> > > <mailto:mod-security-users@lists.sourceforge.net> \
> > > https://lists.sourceforge.net/lists/listinfo/mod-security-users ModSecurity \
> > > Services from Trustwave's SpiderLabs: \
> > > https://www.trustwave.com/application-security.php
> >
> >
> >
> >
> > ------------------------------------------------------------------------------
> > Get a FREE DOWNLOAD! and learn more about uberSVN rich system,
> > user administration capabilities and model configuration. Take
> > the hassle out of deploying and managing Subversion and the
> > tools developers use with it.http://p.sf.net/sfu/wandisco-d2d-2
> >
> >
> > _______________________________________________
> > mod-security-users mailing list
> > mod-security-users@lists.sourceforge.net \
> > <mailto:mod-security-users@lists.sourceforge.net> \
> > https://lists.sourceforge.net/lists/listinfo/mod-security-users ModSecurity \
> > Services from Trustwave's SpiderLabs: \
> > https://www.trustwave.com/application-security.php
>
>
>
>
> ------------------------------------------------------------------------------
> EMC VNX: the world's simplest storage, starting under $10K
> The only unified storage solution that offers unified management
> Up to 160% more powerful than alternatives and 25% more efficient.
> Guaranteed. http://p.sf.net/sfu/emc-vnx-dev2dev
>
>
> _______________________________________________
> mod-security-users mailing list
> mod-security-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/mod-security-users
> ModSecurity Services from Trustwave's SpiderLabs:
> https://www.trustwave.com/application-security.php
[Attachment #5 (text/html)]
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
<title></title>
</head>
<body bgcolor="#ffffff" text="#000000">
Fixed<br>
error_log<br>
<br>
[Mon Aug 29 11:21:55 2011] [notice] ModSecurity for Apache/2.6.1
(<a class="moz-txt-link-freetext" \
href="http://www.modsecurity.org/">http://www.modsecurity.org/</a>) configured.<br> \
[Mon Aug 29 11:21:55 2011] [notice] ModSecurity: APR compiled version="1.3.12"; \
loaded version="1.3.12"<br> [Mon Aug 29 11:21:55 2011] [notice] ModSecurity: PCRE \
compiled version="8.12"; loaded version="8.12 2011-01-15"<br>
[Mon Aug 29 11:21:55 2011] [notice] ModSecurity: LIBXML compiled
version="2.6.23"<br>
<br>
<br>
To resolve this issue i had to recompile our rpms - that is apache
2.2.19 and modsecurity 2.6.1 with apr, apr-util (1.3.12) and PCRE
8.12 <br>
<br>
Apache configuration from ./configure<br>
<br>
\
--with-pcre=/usr/local/pcre/8.12/pcre-config \<br> \
\
--with-apr=/usr/local/apr/1.3.12/bin/apr-1-config \<br> \
\
--with-apr-util=/usr/local/apr-util/1.3.12/apu-1-config <br> <br>
Modsecurity was slightly more complex - this is what i had to do
because for some reason running configure broke on our build sytem<br>
<br>
<br>
<br>
%define external_pcre 1<br>
<br>
%if %{external_pcre}<br>
. %{component_prefix}/%{TM_Pcre}-%{TM_Pcre_Build_Number}<br>
%endif<br>
<br>
if test -n ${PCRE_BINDIR}; then<br>
if test -x ${PCRE_BINDIR}/pcre-config ; then<br>
# fix to allow pcre libs and headers to be used \
<br> CFLAGS="$RPM_OPT_FLAGS \
`${PCRE_BINDIR}/pcre-config --cflags | sed 's/ *$//'`"<br>
PCRE_LDADD="$PCRE_LDADD \
`${PCRE_BINDIR}/pcre-config --libs`"<br> fi<br>
fi<br>
export CFLAGS PRCE_LDADD<br>
<br>
<br>
%if %{external_pcre}<br>
\
--enable-pcre-study \<br> \
\
--with-pcre=${PCRE_BINDIR}/pcre-config \<br> %endif<br>
\
--with-apr=$APR_BINDIR/apr-1-config \<br> \
\
--with-apu=$APR_UTIL_BINDIR/apu-1-config \<br> <br>
i have a simple <br>
<br>
<br>
Testing proves that content is being returned correctly - i do get a
segmentation fault but only one after a cold restart<br>
<br>
So this works thus far - will update when i get into work as i will
spider crawl the test website<br>
<br>
Its a bank holiday here so have to wash and take the family out <br>
<br>
Thanks for your help Breno<br>
<br>
<br>
<br>
On 25/08/11 02:45, Breno Silva wrote:
<blockquote
cite="mid:CAHQz1r+8XKiZiuP7j6YRq8d8nwbdnk+Y+fFhJNHA585_yO6Sqw@mail.gmail.com"
type="cite">Hey Kwenu,<br>
<br>
Another user sent me informations in the same thread you open and
i think it was you. So my suggestions is not for you :) <br>
Sorry for that confusion ... <br>
<br>
Please if you can send me your dump i will help you<br>
<br>
thanks<br>
<br>
Breno<br>
<br>
<div class="gmail_quote">On Wed, Aug 24, 2011 at 7:45 AM, Breno
Silva <span dir="ltr"><<a moz-do-not-send="true"
href="mailto:breno.silva@gmail.com">breno.silva@gmail.com</a>></span>
wrote:<br>
<blockquote class="gmail_quote" style="margin: 0pt 0pt 0pt
0.8ex; border-left: 1px solid rgb(204, 204, 204);
padding-left: 1ex;">
Ok kwenu,<br>
<br>
Did you set the SecPcre* directives i mention ?<br>
<br>
Thanks<br>
<font color="#888888"><br>
Breno</font>
<div>
<div class="h5"><br>
<br>
<div class="gmail_quote">On Wed, Aug 24, 2011 at 5:50 AM,
kwenu <span dir="ltr"><<a moz-do-not-send="true"
href="mailto:uzoka_a@yahoo.co.uk" \
target="_blank">uzoka_a@yahoo.co.uk</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin: 0pt 0pt
0pt 0.8ex; border-left: 1px solid rgb(204, 204, 204);
padding-left: 1ex;">
<div bgcolor="#ffffff" text="#000000"> Im using
modsecurity 2.6.1 and crs 2.2.1<br>
<br>
I managed to figure out why dumps were not being
created and this was due to the init script that
calls a external script that checks to see whether a
variable for ulimit -c is set and if not defaults
the setting to 0.<br>
<br>
That done the crash dumps were practically useless -
urhhhhhh<br>
<br>
Anyway im going to have to use apaches bundled
version of pcre and hack it somewhat to work with
our customised version of modsecurity spec file<br>
<br>
Thats the only way around this since recompiling
apaches against OS pcre is out of the question for
now<br>
<br>
Ill let you know if this works
<div>
<div><br>
<br>
<br>
<br>
On 23/08/11 13:47, Breno Silva wrote: </div>
</div>
<blockquote type="cite">
<div>
<div>Kwenu,<br>
<br>
Another important stuff is to have the same
PCRE library compiled with apache and
modsecurity. The crashes we saw until now is
100% caused by different library versions.<br>
<br>
What modsecurity version are u using ?<br>
<br>
thanks<br>
<br>
Breno<br>
<br>
<div class="gmail_quote">On Tue, Aug 23, 2011
at 7:32 AM, Breno Silva <span dir="ltr"><<a
moz-do-not-send="true"
href="mailto:breno.silva@gmail.com"
target="_blank">breno.silva@gmail.com</a>></span>
wrote:<br>
<blockquote class="gmail_quote"
style="margin: 0pt 0pt 0pt 0.8ex;
border-left: 1px solid rgb(204, 204, 204);
padding-left: 1ex;"> Hi Kwenu,<br>
<br>
Did you set ?<br>
<ul>
<li><a moz-do-not-send="true"
href="https://sourceforge.net/apps/mediawiki/mod-security/index.php?title=Reference_Manual#SecPcreMatchLimit"
target="_blank"><span>6.28</span> \
<span>SecPcreMatchLimit</span></a></li> <li><a moz-do-not-send="true"
href="https://sourceforge.net/apps/mediawiki/mod-security/index.php?title=Reference_Manual#SecPcreMatchLimitRecursion"
target="_blank"><span>6.29</span> \
<span>SecPcreMatchLimitRecursion</span></a> <br>
</li>
</ul>
<div>
<div><br>
<br>
<div class="gmail_quote">On Tue, Aug
23, 2011 at 6:06 AM, kwenu <span
dir="ltr"><<a
moz-do-not-send="true"
href="mailto:uzoka_a@yahoo..co.uk"
\
target="_blank">uzoka_a@yahoo.co.uk</a>></span> wrote:<br>
<blockquote class="gmail_quote"
style="margin: 0pt 0pt 0pt 0.8ex;
border-left: 1px solid rgb(204,
204, 204); padding-left: 1ex;">
<div bgcolor="#ffffff"
text="#000000"> I cannot get a
core dump - we have a customised
build of apache using our own
modules - <br>
<br>
Im currently using ltrace as
strace did not show anything
other than mprotect call that
was followed by a kill SIGSEGV <br>
<br>
Ill ltrace this and send as soon
as <br>
<div>
<div> <br>
On 22/08/11 18:24, Breno
Silva wrote:
<blockquote type="cite">Hi
Kwenu,<br>
<br>
Please follow this
instructions and send me
in private e-mail. What is
your ModSecurity and
Apache version ? if it is
2.6.x please send me the
libraries versions you are
using (you can get this
info into error.log).<br>
<br>
Make sure there is a core
dump area with something
like:<br>
<br>
CoreDumpDirectory /tmp<br>
<br>
Make sure limits are set
to dump core:<br>
<br>
ulimit -c unlimited<br>
<br>
Restart and trigger the
error. A core file should
be in the directory<br>
you specified.<br>
<br>
Then use gdb to get a
backtrace:<br>
<br>
1) gdb /path/to/httpd
/path/to/core<br>
2) within gdb enter:<br>
<br>
thread apply all bt full<br>
<br>
You can get it into a file
with something like:<br>
<br>
gdb /path/to/httpd
/path/to/core --batch
--quiet \<br>
-ex "thread apply all bt
full" > backtrace.log<br>
<br>
<br>
Please send me back the
backtrace.log<br>
<br>
Thanks<br>
<br>
Breno<br>
<br>
<div class="gmail_quote">On
Mon, Aug 22, 2011 at
12:05 PM, kwenu <span
dir="ltr"><<a
moz-do-not-send="true"
href="mailto:uzoka_a@yahoo.co.uk" target="_blank">uzoka_a@yahoo.co.uk</a>></span>
wrote:<br>
<blockquote
class="gmail_quote"
style="margin: 0pt 0pt
0pt 0.8ex;
border-left: 1px solid
rgb(204, 204, 204);
padding-left: 1ex;">
<div bgcolor="#ffffff"
text="#000000"> <font
size="-1">Hi <br>
<br>
We are using a
custom install of
apache httpd
compiled against
APR 1.49 using MPM
worker and PHP to
server dynamic
content <br>
<br>
The following rule
here is causing
the web server not
to return any
images but text
only for
intermittent
requests <br>
<br>
The httpd
error_log file
emits the
following error
message<br>
<br>
[notice] child pid
25571 exit signal
Segmentation fault
(11)<br>
<br>
I have tried
attaching gdb and
strace (strace did
provide some clues
but not alot -
"strace -v -f -p
12345
/tmp/httpd-strace"
) to it since i
cannot get a
coredump going at
all even after
setting
CoreDumpDirectory
/tmp and setting
ulimit -c
unlimited for the
user that the
process runs under<br>
<br>
When i remove the
following line
from
\
modsecurity_crs_48_globalexceptions.conf web pages are
returned correctly
albeit error
messages are still
emitted<br>
<br>
SecRule
\
&TX:'/981173-WEB_ATTACK/RESTRICTED_SQLI_CHARS-TX:restricted_sqli_char_count/'
"@gt 0"
\
"setvar:tx.anomaly_score=-4"<br> <br>
The above rule was
the only way i
could set the
anomaly score for
rule </font><font
size="-1">981173</font>.
<small>I would have
prefered updating
the operator "@ge
4" instead but
cannot find a way
of doing this<br>
<br>
modsecurity_crs_41_sql_injection_attacks.conf:<br>
SecRule
TX:RESTRICTED_SQLI_CHAR_COUNT
"@ge 4"
\
"phase:2,t:none,block,id:'981173',rev:'2.2.1',msg:'Restricted SQL Character
Anomaly Detection
Alert - Total # of
special characters
exceeded',logdata:'%{matched_var}',setvar:tx.anomaly_score=+%{tx.warning_anomaly_score},setvar:tx.sql_injection_score=+1,setvar:'tx.msg=%{rule.msg}',setvar:tx.%{<a
moz-do-not-send="true" href="http://rule.id" \
target="_blank">rule.id</a>}-WEB_ATTACK/RESTRICTED_SQLI_CHARS-%{matched_var_name}=%{tx.0}"<br>
<br>
Is there a better
way of updating
the above rules
operator </small><small>"@ge
4" </small><small>so
that i can
increase count
thereby dealing
with the false
positives that are
created by this
rule??<br>
<br>
<br>
</small><font
size="-1"><br>
<br>
</font> </div>
<br>
------------------------------------------------------------------------------<br>
uberSVN's rich system
and user
administration
capabilities and model<br>
configuration take the
hassle out of
deploying and managing
Subversion and<br>
the tools developers
use with it. Learn
more about uberSVN and
get a free<br>
download at: <a
moz-do-not-send="true"
href="http://p.sf.net/sfu/wandisco-dev2dev" \
target="_blank">http://p.sf.net/sfu/wandisco-dev2dev</a><br> <br>
_______________________________________________<br>
mod-security-users
mailing list<br>
<a
moz-do-not-send="true"
href="mailto:mod-security-users@lists.sourceforge.net" \
target="_blank">mod-security-users@lists.sourceforge.net</a><br> <a
moz-do-not-send="true"
href="https://lists.sourceforge.net/lists/listinfo/mod-security-users"
\
target="_blank">https://lists.sourceforge.net/lists/listinfo/mod-security-users</a><br>
ModSecurity Services
from Trustwave's
SpiderLabs:<br>
<a
moz-do-not-send="true"
href="https://www.trustwave.com/application-security.php"
\
target="_blank">https://www.trustwave.com/application-security.php</a><br> <br>
</blockquote>
</div>
<br>
<pre><fieldset></fieldset>
------------------------------------------------------------------------------
uberSVN's rich system and user administration capabilities and model
configuration take the hassle out of deploying and managing Subversion and
the tools developers use with it. Learn more about uberSVN and get a free
download at: <a moz-do-not-send="true" href="http://p.sf.net/sfu/wandisco-dev2dev" \
target="_blank">http://p.sf.net/sfu/wandisco-dev2dev</a> </pre>
<pre><fieldset></fieldset>
_______________________________________________
mod-security-users mailing list
<a moz-do-not-send="true" href="mailto:mod-security-users@lists.sourceforge.net" \
target="_blank">mod-security-users@lists.sourceforge.net</a> <a \
moz-do-not-send="true" \
href="https://lists.sourceforge.net/lists/listinfo/mod-security-users" \
target="_blank">https://lists.sourceforge.net/lists/listinfo/mod-security-users</a> \
ModSecurity Services from Trustwave's SpiderLabs: <a moz-do-not-send="true" \
href="https://www.trustwave.com/application-security.php" \
target="_blank">https://www.trustwave.com/application-security.php</a> </pre>
</blockquote>
<br>
</div>
</div>
</div>
</blockquote>
</div>
<br>
</div>
</div>
</blockquote>
</div>
<br>
</div>
</div>
<pre><fieldset></fieldset>
------------------------------------------------------------------------------
Get a FREE DOWNLOAD! and learn more about uberSVN rich system,
user administration capabilities and model configuration. Take
the hassle out of deploying and managing Subversion and the
tools developers use with it. <a moz-do-not-send="true" \
href="http://p.sf.net/sfu/wandisco-d2d-2" \
target="_blank">http://p.sf.net/sfu/wandisco-d2d-2</a> </pre>
<div>
<pre><fieldset></fieldset>
_______________________________________________
mod-security-users mailing list
<a moz-do-not-send="true" href="mailto:mod-security-users@lists.sourceforge.net" \
target="_blank">mod-security-users@lists.sourceforge.net</a> <a \
moz-do-not-send="true" \
href="https://lists.sourceforge.net/lists/listinfo/mod-security-users" \
target="_blank">https://lists.sourceforge.net/lists/listinfo/mod-security-users</a> \
ModSecurity Services from Trustwave's SpiderLabs: <a moz-do-not-send="true" \
href="https://www.trustwave.com/application-security.php" \
target="_blank">https://www.trustwave.com/application-security.php</a> </pre>
</div>
</blockquote>
<br>
</div>
</blockquote>
</div>
<br>
</div>
</div>
</blockquote>
</div>
<br>
<pre wrap="">
<fieldset class="mimeAttachmentHeader"></fieldset>
------------------------------------------------------------------------------
EMC VNX: the world's simplest storage, starting under $10K
The only unified storage solution that offers unified management
Up to 160% more powerful than alternatives and 25% more efficient.
Guaranteed. <a class="moz-txt-link-freetext" \
href="http://p.sf.net/sfu/emc-vnx-dev2dev">http://p.sf.net/sfu/emc-vnx-dev2dev</a></pre>
<pre wrap="">
<fieldset class="mimeAttachmentHeader"></fieldset>
_______________________________________________
mod-security-users mailing list
<a class="moz-txt-link-abbreviated" \
href="mailto:mod-security-users@lists.sourceforge.net">mod-security-users@lists.sourceforge.net</a>
<a class="moz-txt-link-freetext" \
href="https://lists.sourceforge.net/lists/listinfo/mod-security-users">https://lists.sourceforge.net/lists/listinfo/mod-security-users</a>
ModSecurity Services from Trustwave's SpiderLabs:
<a class="moz-txt-link-freetext" \
href="https://www.trustwave.com/application-security.php">https://www.trustwave.com/application-security.php</a>
</pre>
</blockquote>
<br>
</body>
</html>
------------------------------------------------------------------------------
EMC VNX: the world's simplest storage, starting under $10K
The only unified storage solution that offers unified management
Up to 160% more powerful than alternatives and 25% more efficient.
Guaranteed. http://p.sf.net/sfu/emc-vnx-dev2dev
_______________________________________________
mod-security-users mailing list
mod-security-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/mod-security-users
ModSecurity Services from Trustwave's SpiderLabs:
https://www.trustwave.com/application-security.php
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic