[prev in list] [next in list] [prev in thread] [next in thread]
List: mod-security-users
Subject: Re: [mod-security-users] Offline Monitoring Using ModSecurity
From: VectorSites <admin () vectorsites ! com>
Date: 2014-08-05 13:48:07
Message-ID: 53E0E097.6020809 () vectorsites ! com
[Download RAW message or body]
[Attachment #2 (multipart/alternative)]
I have mlog2waffle running now, I see in debug mode that the controller
is giving an OK 200 response but I do not see a mysql connection being
made at that point. When I refresh the page there is a proper connection
being made. Seems the controller is not trying to connect.
--------- Event Index ---------
[modsecurity] [client 71.47.xxx.xxx] [domain www.mydomain.com] [403]
[/apache/20140805/20140805-0939/20140805-093946--SXwE8BR@b4AAExLWSkAAAAC] [file
"/etc/httpd/modsecurity.d/10_asl_rules.conf"] [line "302"] [id "340016"]
[rev "32"] [msg "Atomicorp.com UNSUPPORTED DELAYED Rules: Possible SQL
injection attempt detected"] [data "select * from m"] [severity
"CRITICAL"] Access denied with code 403 (phase 2). Pattern match
"(?:(?:select|grant|delete|insert|drop|alter|replace|truncate|update|create|rename|des \
cribe)[[:space:]]+[a-z|0-9|\\*|\\,]+[[:space:]]+(?:from|into|table|database|index|view)[[:space:]]+[a-z|0-9|\\*| \
|\\,]|\\bunion\\b.{1,256}?select.{1,256}[a-z0-9].{1,25 ..." at REQUEST_URI.
--------- mlog2waffle to WAF-FLE Request ---------
PUT http://secure.mydomain.com/controller/
Connection: Keep-Alive
Authorization: Basic d2FmZmxlOjY0bXR6enNz
User-Agent: mlog2waffle/0.6.3
Content-Length: 2279
X-Content-Hash:
X-ForensicLog-Summary: [modsecurity] [client 71.47.xxx.xxx] [domain
www.mydomain.com] [403]
[/apache/20140805/20140805-0939/20140805-093946--SXwE8BR@b4AAExLWSkAAAAC] [file
"/etc/httpd/modsecurity.d/10_asl_rules.conf"] [line "302"] [id "340016"]
[rev "32"] [msg "Atomicorp.com UNSUPPORTED DELAYED Rules: Possible SQL
injection attempt detected"] [data "select * from m"] [severity
"CRITICAL"] Access denied with code 403 (phase 2). Pattern match
"(?:(?:select|grant|delete|insert|drop|alter|replace|truncate|update|create|rename|des \
cribe)[[:space:]]+[a-z|0-9|\\*|\\,]+[[:space:]]+(?:from|into|table|database|index|view)[[:space:]]+[a-z|0-9|\\*| \
|\\,]|\\bunion\\b.{1,256}?select.{1,256}[a-z0-9].{1,25 ..." at REQUEST_URI.
X-WAFFLE-Debug: ON
--360bfe02-A--
[05/Aug/2014:09:39:46 --0400] -SXwE8BR@b4AAExLWSkAAAAC 71.47.205.101
47935 192.81.249.190 80
--360bfe02-B--
GET /index.php?SELECT%20*%20FROM%20mysql.users HTTP/1.1
Host: www.mydomain.com
Connection: keep-alive
Cache-Control: no-cache
Accept:
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Pragma: no-cache
User-Agent: Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like
Gecko) Chrome/36.0.1985.125 Safari/537.36
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Cookie: 92829377eec37f99c7148d7772f017ad=pnp8ft2djfsj89epr6ph6q6p55;
__utma=220892447.375733623.1405374693.1407211348.1407217719.14;
__utmc=220892447;
__utmz=220892447.1405374693.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none);
__zlcid=%7B%22mID%22%3A%22Q0dvurDLef4oE6%22%2C%22sid%22%3A%22140805.105726.1Pa9L5rL%22%7D
--360bfe02-F--
HTTP/1.1 403 Forbidden
Content-Length: 280
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
--360bfe02-E--
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>403 Forbidden</title>
</head><body>
<h1>Forbidden</h1>
<p>You don't have permission to access /index.php
on this server.</p>
<hr>
<address>Apache Server at www.mydomain.com Port 80</address>
</body></html>
--360bfe02-H--
Message: [file "/etc/httpd/modsecurity.d/10_asl_rules.conf"] [line
"302"] [id "340016"] [rev "32"] [msg "Atomicorp.com UNSUPPORTED DELAYED
Rules: Possible SQL injection attempt detected"] [data "select * from
m"] [severity "CRITICAL"] Access denied with code 403 (phase 2). Pattern
match
"(?:(?:select|grant|delete|insert|drop|alter|replace|truncate|update|create|rename|des \
cribe)[[:space:]]+[a-z|0-9|\\*|\\,]+[[:space:]]+(?:from|into|table|database|index|view)[[:space:]]+[a-z|0-9|\\*| \
|\\,]|\\bunion\\b.{1,256}?select.{1,256}[a-z0-9].{1,25 ..." at REQUEST_URI.
Action: Intercepted (phase 2)
Apache-Handler: fcgid-script
Stopwatch: 1407245986689043 19246 (- - -)
Stopwatch2: 1407245986689043 19246; combined=986, p1=31, p2=948, p3=0,
p4=0, p5=7, sr=0, sw=0, l=0, gc=0
Response-Body-Transformed: Dechunked
WAF: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/);
201001071602.
Server: Apache/2.2.3 (CentOS)
Engine-Mode: "ENABLED"
--360bfe02-Z--
--------- WAF-FLE to mlog2waffle Response ---------
HTTP/1.1 200 OK
Cache-Control: max-age=0, no-cache
Connection: Keep-Alive
Date: Tue, 05 Aug 2014 13:39:49 GMT
Server: Apache
Vary: Accept-Encoding
Content-Length: 1
Content-Type: text/html
Client-Date: Tue, 05 Aug 2014 13:39:49 GMT
Client-Peer: 192.81.249.190:80
Client-Response-Num: 1
Keep-Alive: timeout=15, max=100
X-Mod-Pagespeed: 1.8.31.4-4009
mod_security.i386 1:2.8.0-24.el5.art
waf-fle Version 0.6.4
php PDO is installed and verified.
Can't seem to turn off mod_pagespeed to see if that has something to do
with it..
On 8/4/2014 9:06 PM, Klaubert Herr da Silveira wrote:
> Rob Way,
>
> the problem is that Perl only support named capture group starting in
> version 5.10. And your is 5.8.8, that is the problem.
>
> I just changed mlog2waffle to not use named capture group in github.
> Try this version:
> https://github.com/klaubert/waf-fle/blob/0.7.0-devel/extra/mlog2waffle/mlog2waffle
>
> best regards,
>
> Klaubert Herr
> http://waf-fle.org
>
>
> On Mon, Aug 4, 2014 at 3:16 PM, vectorsites <admin@vectorsites.com
> <mailto:admin@vectorsites.com>> wrote:
>
> Hi, I tried to follow this and when starting mlog2waffle I get
> this error... CentOS release 5.10 (Final) | perl v5.8.8 all mods
> installed
>
> Sequence (?<f...) not recognized in regex; marked by <-- HERE in m/
> ^ # Start
> (?: # Support to Atomic Turtle mod_security log format
> \[modsecurity\]\s
> \[[^\]]+\]\s
> \[[^\]]+\]\s
> \[[^\]]+\]\s
> \[(?<f <-- HERE ile>[^\]]+)\]\s)
> >
> (?:
> .* # Hostname
> \d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}\s # IP Address
> \S+\s # Username
> \S+\s #
> \S+\s # Timestamp
> at /usr/sbin/mlog2waffle line 295.
> [FAILED]
>
>
>
> On 8/4/2014 1:07 PM, Suresh Prajapati wrote:
> > Hey Craig,
> >
> > Its going to help me lot ..thanks again appreciated.
> >
> > Regards,
> >
> >
> > On Mon, Aug 4, 2014 at 4:42 PM, Craig Lawson
> > <craig.lawson@secarma.co.uk <mailto:craig.lawson@secarma.co.uk>>
> > wrote:
> >
> > Hi Suresh:
> >
> > These work for CentOS 6, obviously there maybe ways we do
> > things that don't quite fit into your environment but I'm
> > sure you can adjust appropriately:
> >
> > *Pre-Requisites:*
> >
> > yum install perl-CPAN
> >
> > perl -MCPAN -e shell
> >
> > install LWP::UserAgent
> >
> > install LWP::Protocol::https
> >
> > yum install perl-libwww-perl perl-Time-HiRes perl-File-Pid
> > perl-File-Tail perl-Crypt-SSLeay
> >
> > *mlog2waffle:*
> >
> > wget https://github.com/klaubert/waf-fle/archive/master.zip
> >
> > unzip master.zip
> >
> > cd waf-fle-master
> >
> > cp extra/mlog2waffle/mlog2waffle /usr/sbin/mlog2waffle
> >
> > chmod +x /usr/sbin/mlog2waffle
> >
> > cp extra/mlog2waffle/mlog2waffle.rhel /etc/init.d/mlog2waffle
> >
> > cp extra/mlog2waffle/mlog2waffle.conf /etc/mlog2waffle.conf
> >
> > touch /opt/modsecurity/var/mlog2waffle-index
> >
> > # Edit /etc/mlog2waffle.conf to reflect your needs, the file
> > has many comments
> >
> > # to help you in adjust the parameters
> >
> > # Edit your mod_security.conf to reflect the changes between
> > mlogc.conf
> >
> > # and mlogc2waffle.conf
> >
> > chkconfig --add mlog2waffle
> >
> > service mlog2waffle start
> >
> > Craig
> >
> > *From:*Suresh Prajapati
> > [mailto:suresh.prajapati@bankbazaar.com
> > <mailto:suresh.prajapati@bankbazaar.com>]
> > *Sent:* 04 August 2014 11:44
> > *To:* mod-security-users@lists.sourceforge.net
> > <mailto:mod-security-users@lists.sourceforge.net>
> >
> >
> > *Subject:* Re: [mod-security-users] Offline Monitoring Using
> > ModSecurity
> >
> > Hey Craig,
> >
> > That can solve my problem , If you have have any help doc on
> > this please share if you can thanks for helping.
> >
> > Regards,
> >
> > Suresh
> >
> > On Mon, Aug 4, 2014 at 4:07 PM, Craig Lawson
> > <craig.lawson@secarma.co.uk
> > <mailto:craig.lawson@secarma.co.uk>> wrote:
> >
> > I've had / seen the 100% cpu mlogc issue... We now use the
> > log agent that comes with WAF-FLE to send our logs to
> > AuditConsole, works for us.
> >
> > C
> >
> >
> >
> > -----Original Message-----
> > From: Christian Bockermann [mailto:chris@jwall.org
> > <mailto:chris@jwall.org>]
> > Sent: 04 August 2014 10:18
> > To: Mod Security
> > Subject: Re: [mod-security-users] Offline Monitoring Using
> > ModSecurity
> >
> >
> > Am 04.08.2014 um 11:01 schrieb Reindl Harald
> > <h.reindl@thelounge.net <mailto:h.reindl@thelounge.net>>:
> > > Am 04.08.2014 um 10:51 schrieb Suresh Prajapati:
> > > > So what is the other way to avoide the mlogc load on
> > Apache server to use ModSecurity ?
> > > > As modSecurity is taking lot of CPU and on some Server
> > 100% CPU utilization.
> > >
> > > what mlogc load are you talking about?
> > >
> > > if you have 100% CPU load the reason is just a wrong config for
> > > production and not that mod_security is running and so
> >
> > That might refer to a rather hard-to-reproduce bug that makes
> > mlogc spin wildly with 100% CPU consumption due to some locks
> > in the process.
> >
> > Not sure if that is solved in the latest version, but that
> > used to be an issue for quite a while and one of the main
> > reasons, people turned away from mlogc.
> >
> > Regards,
> > Chris
> >
> > ________________________________
> >
> > NOTICE AND DISCLAIMER
> > This e-mail (including any attachments) is intended for the
> > above-named person(s). If you are not the intended recipient,
> > notify the sender immediately, delete this email from your
> > system and do not disclose or use for any purpose. We may
> > monitor all incoming and outgoing emails in line with current
> > legislation. We have taken steps to ensure that this email
> > and attachments are free from any virus, but it remains your
> > responsibility to ensure that viruses do not adversely affect you
> >
> >
> > ------------------------------------------------------------------------------
> > Infragistics Professional
> > Build stunning WinForms apps today!
> > Reboot your WinForms applications with our WinForms controls.
> > Build a bridge from your legacy apps to the future.
> > http://pubads.g.doubleclick.net/gampad/clk?id=153845071&iu=/4140/ostg.clktrk
> > _______________________________________________
> > mod-security-users mailing list
> > mod-security-users@lists.sourceforge.net
> > <mailto:mod-security-users@lists.sourceforge.net>
> > https://lists.sourceforge.net/lists/listinfo/mod-security-users
> > Commercial ModSecurity Rules and Support from Trustwave's
> > SpiderLabs:
> > http://www.modsecurity.org/projects/commercial/rules/
> > http://www.modsecurity.org/projects/commercial/support/
> >
> >
> >
> > --
> >
> > Thanks,
> >
> > Suresh
> >
> > Information Security Analyst
> >
> > suresh.prajapati@bankbazaar.com
> > <mailto:suresh.prajapati@bankbazaar.com>
> > Mobile: +91 8884199479 <tel:%2B91%208884199479>
> >
> > DISCLAIMER:
> >
> > Information contained and transmitted by this email including
> > any attachment is proprietary to BankBazaar.com and is
> > intended solely for the addressee/s, and may contain
> > information that is privileged, confidential or exempt from
> > disclosure under applicable law. Access to this e-mail and/or
> > to the attachment by anyone else is unauthorized. If this is
> > a forwarded message, the content and the views expressed in
> > this email may not reflect those of BankBazaar.com. If you
> > are not the intended recipient, an agent of the intended
> > recipient or a person responsible for delivering the
> > information to the named recipient, you are notified that any
> > use, distribution, transmission, printing, copying or
> > dissemination of this information in any way or in any manner
> > is strictly prohibited.
> >
> >
> > ------------------------------------------------------------------------
> >
> > NOTICE AND DISCLAIMER
> > This e-mail (including any attachments) is intended for the
> > above-named person(s). If you are not the intended recipient,
> > notify the sender immediately, delete this email from your
> > system and do not disclose or use for any purpose. We may
> > monitor all incoming and outgoing emails in line with current
> > legislation. We have taken steps to ensure that this email
> > and attachments are free from any virus, but it remains your
> > responsibility to ensure that viruses do not adversely affect you
> >
> > ------------------------------------------------------------------------------
> > Infragistics Professional
> > Build stunning WinForms apps today!
> > Reboot your WinForms applications with our WinForms controls.
> > Build a bridge from your legacy apps to the future.
> > http://pubads.g.doubleclick.net/gampad/clk?id=153845071&iu=/4140/ostg.clktrk
> > _______________________________________________
> > mod-security-users mailing list
> > mod-security-users@lists.sourceforge.net
> > <mailto:mod-security-users@lists.sourceforge.net>
> > https://lists.sourceforge.net/lists/listinfo/mod-security-users
> > Commercial ModSecurity Rules and Support from Trustwave's
> > SpiderLabs:
> > http://www.modsecurity.org/projects/commercial/rules/
> > http://www.modsecurity.org/projects/commercial/support/
> >
> >
> >
> >
> > --
> > Thanks,
> > Suresh
> > Information Security Analyst
> > suresh.prajapati@bankbazaar.com
> > <mailto:suresh.prajapati@bankbazaar.com>
> > Mobile: +91 8884199479 <tel:%2B91%208884199479>
> > DISCLAIMER:
> > Information contained and transmitted by this email including any
> > attachment is proprietary to BankBazaar.com and is intended
> > solely for the addressee/s, and may contain information that is
> > privileged, confidential or exempt from disclosure under
> > applicable law. Access to this e-mail and/or to the attachment by
> > anyone else is unauthorized. If this is a forwarded message, the
> > content and the views expressed in this email may not reflect
> > those of BankBazaar.com. If you are not the intended recipient,
> > an agent of the intended recipient or a person responsible for
> > delivering the information to the named recipient, you are
> > notified that any use, distribution, transmission, printing,
> > copying or dissemination of this information in any way or in any
> > manner is strictly prohibited.
> >
> >
> > ------------------------------------------------------------------------------
> > Infragistics Professional
> > Build stunning WinForms apps today!
> > Reboot your WinForms applications with our WinForms controls.
> > Build a bridge from your legacy apps to the future.
> > http://pubads.g.doubleclick.net/gampad/clk?id=153845071&iu=/4140/ostg.clktrk
> >
> >
> > _______________________________________________
> > mod-security-users mailing list
> > mod-security-users@lists.sourceforge.net \
> > <mailto:mod-security-users@lists.sourceforge.net> \
> > https://lists.sourceforge.net/lists/listinfo/mod-security-users Commercial \
> > ModSecurity Rules and Support from Trustwave's SpiderLabs: \
> > http://www.modsecurity.org/projects/commercial/rules/ \
> > http://www.modsecurity.org/projects/commercial/support/
>
>
> --
>
> *Rob Way*
>
> M: admin@mydomain.com
> <mailto:admin@vectorsites.com>T: (321) 698-4508
> W: www.mydomain.com <http://www.vectorsites.com>
>
>
> ------------------------------------------------------------------------------
> Infragistics Professional
> Build stunning WinForms apps today!
> Reboot your WinForms applications with our WinForms controls.
> Build a bridge from your legacy apps to the future.
> http://pubads.g.doubleclick.net/gampad/clk?id=153845071&iu=/4140/ostg.clktrk
> _______________________________________________
> mod-security-users mailing list
> mod-security-users@lists.sourceforge.net
> <mailto:mod-security-users@lists.sourceforge.net>
> https://lists.sourceforge.net/lists/listinfo/mod-security-users
> Commercial ModSecurity Rules and Support from Trustwave's SpiderLabs:
> http://www.modsecurity.org/projects/commercial/rules/
> http://www.modsecurity.org/projects/commercial/support/
>
>
>
>
> ------------------------------------------------------------------------------
> Infragistics Professional
> Build stunning WinForms apps today!
> Reboot your WinForms applications with our WinForms controls.
> Build a bridge from your legacy apps to the future.
> http://pubads.g.doubleclick.net/gampad/clk?id=153845071&iu=/4140/ostg.clktrk
>
>
> _______________________________________________
> mod-security-users mailing list
> mod-security-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/mod-security-users
> Commercial ModSecurity Rules and Support from Trustwave's SpiderLabs:
> http://www.modsecurity.org/projects/commercial/rules/
> http://www.modsecurity.org/projects/commercial/support/
--
*Rob Way*
M: admin@mydomain.com
<mailto:admin@vectorsites.com>T: (321) 698-4508
W: www.mydomain.com <http://www.vectorsites.com>
[Attachment #5 (multipart/related)]
[Attachment #7 (text/html)]
<html>
<head>
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
</head>
<body text="#000000" bgcolor="#FFFFFF">
<div class="moz-cite-prefix">I have mlog2waffle running now, I see
in debug mode that the controller is giving an OK 200 response but
I do not see a mysql connection being made at that point. When I
refresh the page there is a proper connection being made. Seems
the controller is not trying to connect.<br>
<br>
--------- Event Index ---------<br>
[modsecurity] [client 71.47.xxx.xxx] [domain <a \
class="moz-txt-link-abbreviated" href="http://www.mydomain.com">www.mydomain.com</a>] \
[403]
[/apache/20140805/20140805-0939/20140805-093946--SXwE8BR@b4AAExLWSkAAAAC]
[file "/etc/httpd/modsecurity.d/10_asl_rules.conf"] [line "302"]
[id "340016"] [rev "32"] [msg "Atomicorp.com UNSUPPORTED DELAYED
Rules: Possible SQL injection attempt detected"] [data "select *
from m"] [severity "CRITICAL"] Access denied with code 403 (phase
2). Pattern match
"(?:(?:select|grant|delete|insert|drop|alter|replace|truncate|update|create|rena \
me|describe)[[:space:]]+[a-z|0-9|\\*|\\,]+[[:space:]]+(?:from|into|table|database|index|view)[[:space:]]+[a-z|0-9|\\*|
|\\,]|\\bunion\\b.{1,256}?select.{1,256}[a-z0-9].{1,25 ..." at
REQUEST_URI.<br>
--------- mlog2waffle to WAF-FLE Request ---------<br>
PUT <a class="moz-txt-link-freetext" \
href="http://secure.mydomain.com/controller/">http://secure.mydomain.com/controller/</a><br>
Connection: Keep-Alive<br>
Authorization: Basic d2FmZmxlOjY0bXR6enNz<br>
User-Agent: mlog2waffle/0.6.3<br>
Content-Length: 2279<br>
X-Content-Hash:<br>
X-ForensicLog-Summary: [modsecurity] [client 71.47.xxx.xxx]
[domain <a class="moz-txt-link-abbreviated" \
href="http://www.mydomain.com">www.mydomain.com</a>] [403]
[/apache/20140805/20140805-0939/20140805-093946--SXwE8BR@b4AAExLWSkAAAAC]
[file "/etc/httpd/modsecurity.d/10_asl_rules.conf"] [line "302"]
[id "340016"] [rev "32"] [msg "Atomicorp.com UNSUPPORTED DELAYED
Rules: Possible SQL injection attempt detected"] [data "select *
from m"] [severity "CRITICAL"] Access denied with code 403 (phase
2). Pattern match
"(?:(?:select|grant|delete|insert|drop|alter|replace|truncate|update|create|rena \
me|describe)[[:space:]]+[a-z|0-9|\\*|\\,]+[[:space:]]+(?:from|into|table|database|index|view)[[:space:]]+[a-z|0-9|\\*|
|\\,]|\\bunion\\b.{1,256}?select.{1,256}[a-z0-9].{1,25 ..." at
REQUEST_URI.<br>
X-WAFFLE-Debug: ON<br>
<br>
--360bfe02-A--<br>
[05/Aug/2014:09:39:46 --0400] -SXwE8BR@b4AAExLWSkAAAAC
71.47.205.101 47935 192.81.249.190 80<br>
--360bfe02-B--<br>
GET /index.php?SELECT%20*%20FROM%20mysql.users HTTP/1.1<br>
Host: <a class="moz-txt-link-abbreviated" \
href="http://www.mydomain.com">www.mydomain.com</a><br> Connection: keep-alive<br>
Cache-Control: no-cache<br>
Accept:
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8<br>
Pragma: no-cache<br>
User-Agent: Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36
(KHTML, like Gecko) Chrome/36.0.1985.125 Safari/537.36<br>
Accept-Encoding: gzip,deflate,sdch<br>
Accept-Language: en-US,en;q=0.8<br>
Cookie:
92829377eec37f99c7148d7772f017ad=pnp8ft2djfsj89epr6ph6q6p55;
__utma=220892447.375733623.1405374693.1407211348.1407217719.14;
__utmc=220892447;
__utmz=220892447.1405374693.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none);
__zlcid=%7B%22mID%22%3A%22Q0dvurDLef4oE6%22%2C%22sid%22%3A%22140805.105726.1Pa9L5rL%22%7D<br>
<br>
--360bfe02-F--<br>
HTTP/1.1 403 Forbidden<br>
Content-Length: 280<br>
Keep-Alive: timeout=15, max=100<br>
Connection: Keep-Alive<br>
Content-Type: text/html; charset=iso-8859-1<br>
<br>
--360bfe02-E--<br>
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><br>
<html><head><br>
<title>403 Forbidden</title><br>
</head><body><br>
<h1>Forbidden</h1><br>
<p>You don't have permission to access /index.php<br>
on this server.</p><br>
<hr><br>
<address>Apache Server at <a class="moz-txt-link-abbreviated" \
href="http://www.mydomain.com">www.mydomain.com</a> Port 80</address><br>
</body></html><br>
<br>
--360bfe02-H--<br>
Message: [file "/etc/httpd/modsecurity.d/10_asl_rules.conf"]
[line "302"] [id "340016"] [rev "32"] [msg "Atomicorp.com
UNSUPPORTED DELAYED Rules: Possible SQL injection attempt
detected"] [data "select * from m"] [severity "CRITICAL"] Access
denied with code 403 (phase 2). Pattern match
"(?:(?:select|grant|delete|insert|drop|alter|replace|truncate|update|create|rena \
me|describe)[[:space:]]+[a-z|0-9|\\*|\\,]+[[:space:]]+(?:from|into|table|database|index|view)[[:space:]]+[a-z|0-9|\\*|
|\\,]|\\bunion\\b.{1,256}?select.{1,256}[a-z0-9].{1,25 ..." at
REQUEST_URI.<br>
Action: Intercepted (phase 2)<br>
Apache-Handler: fcgid-script<br>
Stopwatch: 1407245986689043 19246 (- - -)<br>
Stopwatch2: 1407245986689043 19246; combined=986, p1=31, p2=948,
p3=0, p4=0, p5=7, sr=0, sw=0, l=0, gc=0<br>
Response-Body-Transformed: Dechunked<br>
WAF: ModSecurity for Apache/2.7.7 (<a class="moz-txt-link-freetext" \
href="http://www.modsecurity.org/">http://www.modsecurity.org/</a>); \
201001071602.<br> Server: Apache/2.2.3 (CentOS)<br>
Engine-Mode: "ENABLED"<br>
<br>
--360bfe02-Z--<br>
--------- WAF-FLE to mlog2waffle Response ---------<br>
HTTP/1.1 200 OK<br>
Cache-Control: max-age=0, no-cache<br>
Connection: Keep-Alive<br>
Date: Tue, 05 Aug 2014 13:39:49 GMT<br>
Server: Apache<br>
Vary: Accept-Encoding<br>
Content-Length: 1<br>
Content-Type: text/html<br>
Client-Date: Tue, 05 Aug 2014 13:39:49 GMT<br>
Client-Peer: 192.81.249.190:80<br>
Client-Response-Num: 1<br>
Keep-Alive: timeout=15, max=100<br>
X-Mod-Pagespeed: 1.8.31.4-4009<br>
<br>
<br>
mod_security.i386 1:2.8.0-24.el5.art<br>
waf-fle Version 0.6.4<br>
php PDO is installed and verified.<br>
<br>
Can't seem to turn off mod_pagespeed to see if that has something
to do with it..<br>
<br>
<br>
On 8/4/2014 9:06 PM, Klaubert Herr da Silveira wrote:<br>
</div>
<blockquote
cite="mid:CAFoCuZqr9QiKXhk9wzQ-=n2tgzLL_Es+MC0oz19QUwiRzewGNQ@mail.gmail.com"
type="cite">
<div dir="ltr">Rob Way,
<div><br>
</div>
<div>the problem is that Perl only support named capture group
starting in version 5.10. And your is 5.8.8, that is the
problem.</div>
<div><br>
</div>
<div>I just changed mlog2waffle to not use named capture group
in github. Try this version: <a moz-do-not-send="true"
href="https://github.com/klaubert/waf-fle/blob/0.7.0-devel/extra/mlog2waffle/mlog2waff \
le">https://github.com/klaubert/waf-fle/blob/0.7.0-devel/extra/mlog2waffle/mlog2waffle</a></div>
<div><br>
</div>
<div>best regards, </div>
<div><br>
</div>
<div>Klaubert Herr</div>
<div><a moz-do-not-send="true" \
href="http://waf-fle.org">http://waf-fle.org</a></div> </div>
<div class="gmail_extra"><br>
<br>
<div class="gmail_quote">On Mon, Aug 4, 2014 at 3:16 PM,
vectorsites <span dir="ltr"><<a moz-do-not-send="true"
href="mailto:admin@vectorsites.com" \
target="_blank">admin@vectorsites.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0
.8ex;border-left:1px #ccc solid;padding-left:1ex">
<div text="#000000" bgcolor="#FFFFFF">
<div>Hi, I tried to follow this and when starting
mlog2waffle I get this error... CentOS release 5.10
(Final) | perl v5.8.8 all mods installed<br>
<br>
Sequence (?<f...) not recognized in regex; marked by
<-- HERE in m/<br>
\
^ # Start<br>
\
(?: # Support to Atomic Turtle \
mod_security log format<br>
\
\[modsecurity\]\s<br>
\[[^\]]+\]\s<br>
\[[^\]]+\]\s<br>
\[[^\]]+\]\s<br>
\[(?<f <-- \
HERE ile>[^\]]+)\]\s)<br> |<br>
(?:<br>
\
.* # Hostname<br>
\
\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}\s # IP Address<br>
\
\S+\s # Username<br>
\
\S+\s #<br>
\
\S+\s # Timestamp<br>
at \
/usr/sbin/mlog2waffle line 295.<br> \
&n \
bsp; &nbs \
p; \
[FAILED]
<div>
<div class="h5"><br>
<br>
<br>
On 8/4/2014 1:07 PM, Suresh Prajapati wrote:<br>
</div>
</div>
</div>
<div>
<div class="h5">
<blockquote type="cite">
<div dir="ltr">
<div class="gmail_default"
\
style="font-family:arial,helvetica,sans-serif;font-size:small">Hey
Craig,</div>
<div class="gmail_default"
\
style="font-family:arial,helvetica,sans-serif;font-size:small"><br> </div>
<div class="gmail_default"
\
style="font-family:arial,helvetica,sans-serif;font-size:small"> Its going to help me \
lot ..thanks again appreciated.</div>
<div class="gmail_default"
\
style="font-family:arial,helvetica,sans-serif;font-size:small"><br> </div>
<div class="gmail_default"
\
style="font-family:arial,helvetica,sans-serif;font-size:small"> Regards,</div>
</div>
<div class="gmail_extra"><br>
<br>
<div class="gmail_quote">On Mon, Aug 4, 2014 at
4:42 PM, Craig Lawson <span dir="ltr"><<a
moz-do-not-send="true"
href="mailto:craig.lawson@secarma.co.uk"
target="_blank">craig.lawson@secarma.co.uk</a>></span>
wrote:<br>
<blockquote class="gmail_quote" style="margin:0
0 0 .8ex;border-left:1px #ccc
solid;padding-left:1ex">
<div link="blue" vlink="purple" lang="EN-GB">
<div>
<p class="MsoNormal"><span
style="font-size:10.0pt;font-family:"Arial","sans-serif";color:#1f497d">Hi
Suresh:</span></p>
<p class="MsoNormal"><span
style="font-size:10.0pt;font-family:"Arial","sans-serif";color:#1f497d"> </span></p>
<p class="MsoNormal"><span
style="font-size:10.0pt;font-family:"Arial","sans-serif";color:#1f497d">These
work for CentOS 6, obviously there
maybe ways we do things that don’t
quite fit into your environment but
I’m sure you can adjust \
appropriately:</span></p> <p class="MsoNormal"><span
style="font-size:10.0pt;font-family:"Arial","sans-serif";color:#1f497d"> </span></p>
<p class="MsoNormal"><b><span
style="font-size:10.0pt;font-family:"Arial","sans-serif";color:#1f497d">Pre-Requisites:</span></b></p>
<p class="MsoNormal"><span
style="font-size:10.0pt;font-family:"Arial","sans-serif";color:#1f497d"> </span></p>
<p class="MsoNormal"><span
style="font-size:10.0pt;font-family:"Arial","sans-serif";color:#1f497d">yum
install perl-CPAN</span></p>
<p class="MsoNormal"><span
style="font-size:10.0pt;font-family:"Arial","sans-serif";color:#1f497d">perl
-MCPAN -e shell</span></p>
<p class="MsoNormal"><span
style="font-size:10.0pt;font-family:"Arial","sans-serif";color:#1f497d">install
LWP::UserAgent</span></p>
<p class="MsoNormal"><span
style="font-size:10.0pt;font-family:"Arial","sans-serif";color:#1f497d">install
LWP::Protocol::https</span></p>
<p class="MsoNormal"><span
style="font-size:10.0pt;font-family:"Arial","sans-serif";color:#1f497d">yum
install perl-libwww-perl
perl-Time-HiRes perl-File-Pid
perl-File-Tail perl-Crypt-SSLeay</span></p>
<p class="MsoNormal"><span
style="font-size:10.0pt;font-family:"Arial","sans-serif";color:#1f497d"> </span></p>
<p class="MsoNormal"><b><span
style="font-size:10.0pt;font-family:"Arial","sans-serif";color:#1f497d">mlog2waffle:</span></b></p>
<p class="MsoNormal"><span
style="font-size:10.0pt;font-family:"Arial","sans-serif";color:#1f497d"> </span></p>
<p class="MsoNormal"><span
style="font-size:10.0pt;font-family:"Arial","sans-serif";color:#1f497d">wget
<a moz-do-not-send="true"
\
href="https://github.com/klaubert/waf-fle/archive/master.zip"
\
target="_blank">https://github.com/klaubert/waf-fle/archive/master.zip</a></span></p> \
<p class="MsoNormal"><span \
style="font-size:10.0pt;font-family:"Arial","sans-serif";color:#1f497d">unzip
master.zip</span></p>
<p class="MsoNormal"><span
style="font-size:10.0pt;font-family:"Arial","sans-serif";color:#1f497d">cd
waf-fle-master</span></p>
<p class="MsoNormal"><span
style="font-size:10.0pt;font-family:"Arial","sans-serif";color:#1f497d">cp
extra/mlog2waffle/mlog2waffle
/usr/sbin/mlog2waffle</span></p>
<p class="MsoNormal"><span
style="font-size:10.0pt;font-family:"Arial","sans-serif";color:#1f497d">chmod
+x /usr/sbin/mlog2waffle</span></p>
<p class="MsoNormal"><span
style="font-size:10.0pt;font-family:"Arial","sans-serif";color:#1f497d">cp
extra/mlog2waffle/mlog2waffle.rhel
/etc/init.d/mlog2waffle</span></p>
<p class="MsoNormal"><span
style="font-size:10.0pt;font-family:"Arial","sans-serif";color:#1f497d">cp
extra/mlog2waffle/mlog2waffle.conf
/etc/mlog2waffle.conf</span></p>
<p class="MsoNormal"><span
style="font-size:10.0pt;font-family:"Arial","sans-serif";color:#1f497d">touch
/opt/modsecurity/var/mlog2waffle-index</span></p>
<p class="MsoNormal"><span
style="font-size:10.0pt;font-family:"Arial","sans-serif";color:#1f497d"> </span></p>
<p class="MsoNormal"><span
style="font-size:10.0pt;font-family:"Arial","sans-serif";color:#1f497d">#
Edit /etc/mlog2waffle.conf to reflect
your needs, the file has many comments</span></p>
<p class="MsoNormal"><span
style="font-size:10.0pt;font-family:"Arial","sans-serif";color:#1f497d">#
to help you in adjust the parameters</span></p>
<p class="MsoNormal"><span
style="font-size:10.0pt;font-family:"Arial","sans-serif";color:#1f497d"> </span></p>
<p class="MsoNormal"><span
style="font-size:10.0pt;font-family:"Arial","sans-serif";color:#1f497d">#
Edit your mod_security.conf to reflect
the changes between mlogc.conf </span></p>
<p class="MsoNormal"><span
style="font-size:10.0pt;font-family:"Arial","sans-serif";color:#1f497d">#
and mlogc2waffle.conf</span></p>
<p class="MsoNormal"><span
style="font-size:10.0pt;font-family:"Arial","sans-serif";color:#1f497d"> </span></p>
<p class="MsoNormal"><span
style="font-size:10.0pt;font-family:"Arial","sans-serif";color:#1f497d">chkconfig
--add mlog2waffle</span></p>
<p class="MsoNormal"><span
style="font-size:10.0pt;font-family:"Arial","sans-serif";color:#1f497d">service
mlog2waffle start</span></p>
<p class="MsoNormal"><span
style="font-size:10.0pt;font-family:"Arial","sans-serif";color:#1f497d"> </span></p>
<p class="MsoNormal"><span
style="font-size:10.0pt;font-family:"Arial","sans-serif";color:#1f497d"> </span></p>
<p class="MsoNormal"><span
style="font-size:10.0pt;font-family:"Arial","sans-serif";color:#1f497d">Craig</span></p>
<p class="MsoNormal"><span
style="font-size:10.0pt;font-family:"Arial","sans-serif";color:#1f497d"> </span></p>
<p class="MsoNormal"><b><span
style="font-size:10.0pt;font-family:"Tahoma","sans-serif""
lang="EN-US">From:</span></b><span
style="font-size:10.0pt;font-family:"Tahoma","sans-serif""
lang="EN-US"> Suresh Prajapati
[mailto:<a moz-do-not-send="true"
href="mailto:suresh.prajapati@bankbazaar.com"
\
target="_blank">suresh.prajapati@bankbazaar.com</a>] <br>
<b>Sent:</b> 04 August 2014 11:44<br>
<b>To:</b> <a moz-do-not-send="true"
href="mailto:mod-security-users@lists.sourceforge.net" \
target="_blank">mod-security-users@lists.sourceforge.net</a></span></p> <div>
<div><br>
<b>Subject:</b> Re:
[mod-security-users] Offline
Monitoring Using ModSecurity</div>
</div>
<div>
<div>
<p class="MsoNormal"> </p>
<div>
<div>
<p class="MsoNormal"><span
\
style="font-family:"Arial","sans-serif"">Hey
Craig,</span></p>
</div>
<div>
<p class="MsoNormal"><span
\
style="font-family:"Arial","sans-serif""> </span></p> \
</div> <div>
<p class="MsoNormal"><span
\
style="font-family:"Arial","sans-serif"">That
can solve my problem , If you
have have any help doc on this
please share if you can thanks
for helping. </span></p>
</div>
<div>
<p class="MsoNormal"><span
\
style="font-family:"Arial","sans-serif""> </span></p> \
</div> <div>
<p class="MsoNormal"><span
\
style="font-family:"Arial","sans-serif"">Regards,</span></p> \
</div> <div>
<p class="MsoNormal"><span
\
style="font-family:"Arial","sans-serif"">Suresh</span></p> \
</div> </div>
<div>
<p class="MsoNormal"
style="margin-bottom:12.0pt"> </p>
<div>
<p class="MsoNormal">On Mon, Aug
4, 2014 at 4:07 PM, Craig Lawson
<<a moz-do-not-send="true"
href="mailto:craig.lawson@secarma.co.uk"
\
target="_blank">craig.lawson@secarma.co.uk</a>>
wrote:</p>
<p class="MsoNormal">I've had /
seen the 100% cpu mlogc issue...
We now use the log agent that
comes with WAF-FLE to send our
logs to AuditConsole, works for
us.<br>
<br>
C</p>
<div>
<div>
<p class="MsoNormal"
style="margin-bottom:12.0pt"><br>
<br>
-----Original Message-----<br>
From: Christian Bockermann
[mailto:<a
moz-do-not-send="true"
href="mailto:chris@jwall.org"
\
target="_blank">chris@jwall.org</a>]<br> Sent: 04 August 2014 10:18<br>
To: Mod Security<br>
Subject: Re:
[mod-security-users] Offline
Monitoring Using ModSecurity<br>
<br>
<br>
Am 04.08.2014 um 11:01
schrieb Reindl Harald <<a
moz-do-not-send="true"
href="mailto:h.reindl@thelounge.net"
\
target="_blank">h.reindl@thelounge.net</a>>:<br> > Am 04.08.2014 um 10:51
schrieb Suresh Prajapati:<br>
>> So what is the
other way to avoide the
mlogc load on Apache server
to use ModSecurity ?<br>
>> As modSecurity is
taking lot of CPU and on
some Server 100% CPU
utilization.<br>
><br>
> what mlogc load are you
talking about?<br>
><br>
> if you have 100% CPU
load the reason is just a
wrong config for<br>
> production and not that
mod_security is running and
so<br>
<br>
That might refer to a rather
hard-to-reproduce bug that
makes mlogc spin wildly with
100% CPU consumption due to
some locks in the process.<br>
<br>
Not sure if that is solved
in the latest version, but
that used to be an issue for
quite a while and one of the
main reasons, people turned
away from mlogc.<br>
<br>
Regards,<br>
Chris</p>
</div>
</div>
<p \
class="MsoNormal">________________________________<br> <br>
NOTICE AND DISCLAIMER<br>
This e-mail (including any
attachments) is intended for the
above-named person(s). If you
are not the intended recipient,
notify the sender immediately,
delete this email from your
system and do not disclose or
use for any purpose. We may
monitor all incoming and
outgoing emails in line with
current legislation. We have
taken steps to ensure that this
email and attachments are free
from any virus, but it remains
your responsibility to ensure
that viruses do not adversely
affect you</p>
<div>
<div>
<p class="MsoNormal"><br>
------------------------------------------------------------------------------<br>
Infragistics Professional<br>
Build stunning WinForms apps
today!<br>
Reboot your WinForms
applications with our
WinForms controls.<br>
Build a bridge from your
legacy apps to the future.<br>
<a moz-do-not-send="true"
href="http://pubads.g.doubleclick.net/gampad/clk?id=153845071&iu=/4140/ostg.clktrk"
\
target="_blank">http://pubads.g.doubleclick.net/gampad/clk?id=153845071&iu=/4140/ostg.clktrk</a><br>
_______________________________________________<br>
mod-security-users mailing
list<br>
<a moz-do-not-send="true"
\
href="mailto:mod-security-users@lists.sourceforge.net"
\
target="_blank">mod-security-users@lists.sourceforge.net</a><br> <a \
moz-do-not-send="true"
\
href="https://lists.sourceforge.net/lists/listinfo/mod-security-users"
\
target="_blank">https://lists.sourceforge.net/lists/listinfo/mod-security-users</a><br>
Commercial ModSecurity Rules
and Support from Trustwave's
SpiderLabs:<br>
<a moz-do-not-send="true"
\
href="http://www.modsecurity.org/projects/commercial/rules/"
\
target="_blank">http://www.modsecurity.org/projects/commercial/rules/</a><br> <a \
moz-do-not-send="true"
\
href="http://www.modsecurity.org/projects/commercial/support/"
\
target="_blank">http://www.modsecurity.org/projects/commercial/support/</a></p> \
</div> </div>
</div>
<p class="MsoNormal"><br>
<br clear="all">
</p>
<div>
<p class="MsoNormal"> </p>
</div>
<p class="MsoNormal">-- </p>
<div>
<div>
<p class="MsoNormal"><span>Thanks,</span></p>
</div>
<div>
<p class="MsoNormal"><span>Suresh</span></p>
</div>
<div>
<p class="MsoNormal"><span>Information
Security Analyst</span></p>
</div>
<div>
<p class="MsoNormal"><span><a
moz-do-not-send="true"
\
href="mailto:suresh.prajapati@bankbazaar.com"
\
target="_blank">suresh.prajapati@bankbazaar.com</a> <br> Mobile: <a
moz-do-not-send="true"
href="tel:%2B91%208884199479"
value="+918884199479"
target="_blank">+91
8884199479</a></span></p>
</div>
<div>
<p class="MsoNormal"><span
\
style="color:#888888">DISCLAIMER:</span></p> </div>
<div>
<p class="MsoNormal"><span
style="color:#888888">Information
contained and transmitted by
this email including any
attachment is proprietary to
BankBazaar.com and is
intended solely for the
addressee/s, and may contain
information that is
privileged, confidential or
exempt from disclosure under
applicable law. Access to
this e-mail and/or to the
attachment by anyone else is
unauthorized. If this is a
forwarded message, the
content and the views
expressed in this email may
not reflect those of
BankBazaar.com. If you are
not the intended recipient,
an agent of the intended
recipient or a person
responsible for delivering
the information to the named
recipient, you are notified
that any use, distribution,
transmission, printing,
copying or dissemination of
this information in any way
or in any manner is strictly
prohibited.</span></p>
</div>
</div>
</div>
</div>
</div>
</div>
<div>
<div> <br>
<hr> <font size="1" color="Gray"
face="Arial"><br>
NOTICE AND DISCLAIMER<br>
This e-mail (including any
attachments) is intended for the
above-named person(s). If you are not
the intended recipient, notify the
sender immediately, delete this email
from your system and do not disclose
or use for any purpose. We may monitor
all incoming and outgoing emails in
line with current legislation. We have
taken steps to ensure that this email
and attachments are free from any
virus, but it remains your
responsibility to ensure that viruses
do not adversely affect you<br>
</font> </div>
</div>
</div>
<br>
------------------------------------------------------------------------------<br>
Infragistics Professional<br>
Build stunning WinForms apps today!<br>
Reboot your WinForms applications with our
WinForms controls.<br>
Build a bridge from your legacy apps to the
future.<br>
<a moz-do-not-send="true"
href="http://pubads.g.doubleclick.net/gampad/clk?id=153845071&iu=/4140/ostg.clktrk"
\
target="_blank">http://pubads.g.doubleclick.net/gampad/clk?id=153845071&iu=/4140/ostg.clktrk</a><br>
_______________________________________________<br>
mod-security-users mailing list<br>
<a moz-do-not-send="true"
href="mailto:mod-security-users@lists.sourceforge.net"
\
target="_blank">mod-security-users@lists.sourceforge.net</a><br> <a \
moz-do-not-send="true"
\
href="https://lists.sourceforge.net/lists/listinfo/mod-security-users"
\
target="_blank">https://lists.sourceforge.net/lists/listinfo/mod-security-users</a><br>
Commercial ModSecurity Rules and Support from
Trustwave's SpiderLabs:<br>
<a moz-do-not-send="true"
\
href="http://www.modsecurity.org/projects/commercial/rules/"
\
target="_blank">http://www.modsecurity.org/projects/commercial/rules/</a><br> <a \
moz-do-not-send="true"
\
href="http://www.modsecurity.org/projects/commercial/support/"
\
target="_blank">http://www.modsecurity.org/projects/commercial/support/</a><br> <br>
</blockquote>
</div>
<br>
<br clear="all">
<div><br>
</div>
-- <br>
<div dir="ltr">
<div><font color="#000000" face="courier new,
monospace">Thanks,</font></div>
<div><font color="#000000" face="courier new,
monospace">Suresh</font></div>
<div><font color="#000000" face="courier new,
monospace">Information Security Analyst</font></div>
<div><font color="#000000"><font face="courier
new, monospace"><a moz-do-not-send="true"
href="mailto:suresh.prajapati@bankbazaar.com" \
target="_blank">suresh.prajapati@bankbazaar.com</a> <br> Mobile: <a \
moz-do-not-send="true" href="tel:%2B91%208884199479"
value="+918884199479" target="_blank">+91
8884199479</a></font></font></div>
<div><span \
style="color:rgb(136,136,136)">DISCLAIMER:</span><br> </div>
<div><span><font color="#888888"> Information
contained and transmitted by this email
including any attachment is proprietary to
BankBazaar.com and is intended solely for
the addressee/s, and may contain
information that is privileged,
confidential or exempt from disclosure
under applicable law. Access to this
e-mail and/or to the attachment by anyone
else is unauthorized. If this is a
forwarded message, the content and the
views expressed in this email may not
reflect those of BankBazaar.com. If you
are not the intended recipient, an agent
of the intended recipient or a person
responsible for delivering the information
to the named recipient, you are notified
that any use, distribution, transmission,
printing, copying or dissemination of this
information in any way or in any manner is
strictly prohibited.</font></span><br>
</div>
</div>
</div>
<br>
<fieldset></fieldset>
<br>
<pre>------------------------------------------------------------------------------
Infragistics Professional
Build stunning WinForms apps today!
Reboot your WinForms applications with our WinForms controls.
Build a bridge from your legacy apps to the future.
<a moz-do-not-send="true" \
href="http://pubads.g.doubleclick.net/gampad/clk?id=153845071&iu=/4140/ostg.clktrk" \
target="_blank">http://pubads.g.doubleclick.net/gampad/clk?id=153845071&iu=/4140/ostg.clktrk</a></pre>
<br>
<fieldset></fieldset>
<br>
<pre>_______________________________________________
mod-security-users mailing list
<a moz-do-not-send="true" href="mailto:mod-security-users@lists.sourceforge.net" \
target="_blank">mod-security-users@lists.sourceforge.net</a> <a \
moz-do-not-send="true" \
href="https://lists.sourceforge.net/lists/listinfo/mod-security-users" \
target="_blank">https://lists.sourceforge.net/lists/listinfo/mod-security-users</a> \
Commercial ModSecurity Rules and Support from Trustwave's SpiderLabs: <a \
moz-do-not-send="true" href="http://www.modsecurity.org/projects/commercial/rules/" \
target="_blank">http://www.modsecurity.org/projects/commercial/rules/</a> <a \
moz-do-not-send="true" href="http://www.modsecurity.org/projects/commercial/support/" \
target="_blank">http://www.modsecurity.org/projects/commercial/support/</a> </pre>
</blockquote>
<br>
<br>
</div>
</div>
<span class="HOEnZb"><font color="#888888">
<div>-- <br>
<p><strong>Rob Way</strong><br>
<br>
M: <a moz-do-not-send="true"
href="mailto:admin@vectorsites.com"
target="_blank">admin@mydomain.com<br>
</a>T: (321) 698-4508<br>
W: <a moz-do-not-send="true"
href="http://www.vectorsites.com"
target="_blank">www.mydomain.com </a><br>
<br>
<img
src="cid:part32.04020905.06000601@vectorsites.com"
height="35" width="150"></p>
</div>
</font></span></div>
<br>
------------------------------------------------------------------------------<br>
Infragistics Professional<br>
Build stunning WinForms apps today!<br>
Reboot your WinForms applications with our WinForms
controls.<br>
Build a bridge from your legacy apps to the future.<br>
<a moz-do-not-send="true"
href="http://pubads.g.doubleclick.net/gampad/clk?id=153845071&iu=/4140/ostg.clktrk"
target="_blank">http://pubads.g.doubleclick.net/gampad/clk?id=153845071&iu=/4140/ostg.clktrk</a><br>
_______________________________________________<br>
mod-security-users mailing list<br>
<a moz-do-not-send="true"
href="mailto:mod-security-users@lists.sourceforge.net">mod-security-users@lists.sourceforge.net</a><br>
<a moz-do-not-send="true"
href="https://lists.sourceforge.net/lists/listinfo/mod-security-users"
target="_blank">https://lists.sourceforge.net/lists/listinfo/mod-security-users</a><br>
Commercial ModSecurity Rules and Support from Trustwave's
SpiderLabs:<br>
<a moz-do-not-send="true"
href="http://www.modsecurity.org/projects/commercial/rules/"
target="_blank">http://www.modsecurity.org/projects/commercial/rules/</a><br>
<a moz-do-not-send="true"
href="http://www.modsecurity.org/projects/commercial/support/"
target="_blank">http://www.modsecurity.org/projects/commercial/support/</a><br>
<br>
</blockquote>
</div>
<br>
</div>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
<pre wrap="">------------------------------------------------------------------------------
Infragistics Professional
Build stunning WinForms apps today!
Reboot your WinForms applications with our WinForms controls.
Build a bridge from your legacy apps to the future.
<a class="moz-txt-link-freetext" \
href="http://pubads.g.doubleclick.net/gampad/clk?id=153845071&iu=/4140/ostg.clktrk \
">http://pubads.g.doubleclick.net/gampad/clk?id=153845071&iu=/4140/ostg.clktrk</a></pre>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
<pre wrap="">_______________________________________________
mod-security-users mailing list
<a class="moz-txt-link-abbreviated" \
href="mailto:mod-security-users@lists.sourceforge.net">mod-security-users@lists.sourceforge.net</a>
<a class="moz-txt-link-freetext" \
href="https://lists.sourceforge.net/lists/listinfo/mod-security-users">https://lists.sourceforge.net/lists/listinfo/mod-security-users</a>
Commercial ModSecurity Rules and Support from Trustwave's SpiderLabs:
<a class="moz-txt-link-freetext" \
href="http://www.modsecurity.org/projects/commercial/rules/">http://www.modsecurity.org/projects/commercial/rules/</a>
<a class="moz-txt-link-freetext" \
href="http://www.modsecurity.org/projects/commercial/support/">http://www.modsecurity.org/projects/commercial/support/</a>
</pre>
</blockquote>
<br>
<br>
<div class="moz-signature">-- <br>
<p><strong>Rob Way</strong><br>
<br>
M: <a href="mailto:admin@vectorsites.com">admin@mydomain.com<br>
</a>T: (321) 698-4508<br>
W: <a href="http://www.vectorsites.com">www.mydomain.com </a><br>
<br>
<img src="cid:part40.02010809.08000309@vectorsites.com"
height="35" width="150"></p>
</div>
</body>
</html>
[Attachment #8 (image/png)]
["2013logo.png" (image/png)]
------------------------------------------------------------------------------
Infragistics Professional
Build stunning WinForms apps today!
Reboot your WinForms applications with our WinForms controls.
Build a bridge from your legacy apps to the future.
http://pubads.g.doubleclick.net/gampad/clk?id=153845071&iu=/4140/ostg.clktrk
_______________________________________________
mod-security-users mailing list
mod-security-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/mod-security-users
Commercial ModSecurity Rules and Support from Trustwave's SpiderLabs:
http://www.modsecurity.org/projects/commercial/rules/
http://www.modsecurity.org/projects/commercial/support/
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic