
List:       mod-security-users
Subject:    Re: [mod-security-users] File inspection on file uploading function
From:       J Doe <general () nativemethods ! com>
Date:       2017-05-10 23:50:16
Message-ID: 93FCED53-8418-4864-BB39-5CA825166570 () nativemethods ! com

Hi Robert,

Wow that's cool!  It's even packaged in a luarock and has a great man page!

Thanks for pointing me to this.  I will also be going over your presentation on the train home tonight.

- J

> On May 8, 2017, at 11:32 AM, Robert Paprocki <rpaprocki@fearnothingproductions.net> wrote:
>
> > On Fri, May 5, 2017 at 2:40 PM, J Doe <general@nativemethods.com> wrote:
> > Hi,
> > 
> > I would second Osama's suggestion of Lua - you're not forking a process for each request.
> >
> > Lua 5.2 (which ModSec 2.9.1 uses) does not support full PCRE, but it does have a lightweight version of pattern matching for strings in the Standard Library (in the 3rd edition of the Lua handbook, the principal author of Lua states this is a size and efficiency issue and as Lua aims to be lightweight, full PCRE is therefore excluded).
> 
> 
> There are also Lua bindings for system regex libraries, including POSIX and PCRE flavors: http://rrthomas.github.io/lrexlib/. We've used this to great effect in the past for complex malware analysis in ModSec. I gave a talk about this at last year's Lua User's workshop (slides: http://cb-objs.objects.cdn.dream.io/lua_in_wafs.pdf).
> ------------------------------------------------------------------------------
> Check out the vibrant tech community on one of the world's most
> engaging tech sites, Slashdot.org! http://sdm.link/slashdot
> _______________________________________________
> mod-security-users mailing list
> mod-security-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/mod-security-users
> Commercial ModSecurity Rules and Support from Trustwave's SpiderLabs:
> http://www.modsecurity.org/projects/commercial/rules/
> http://www.modsecurity.org/projects/commercial/support/
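
An added example, not part of the thread or of the linked slides: a ModSecurity 2.x `@inspectFile` Lua script that checks an uploaded file with a PCRE pattern through lrexlib, using alternation and a case-insensitive flag that Lua's built-in string patterns do not offer. It assumes lrexlib's `rex_pcre` module is installed where ModSecurity's Lua can load it; the signature, the size limit and the script path in the comment are hypothetical.

```lua
-- Added example, not code from the thread.
-- Hypothetical wiring: SecRule FILES_TMPNAMES "@inspectFile /path/to/inspect_upload.lua" ...
-- Assumes lrexlib's PCRE binding (rex_pcre) is on ModSecurity's Lua package path.
local rex = require "rex_pcre"

-- Hypothetical signature: a decode call fed straight into eval/assert.
-- The (?:a|b) alternation and the "i" flag are what the built-in
-- string.find patterns cannot express in a single pattern.
local SIGNATURE = rex.new(
  [[\b(?:eval|assert)\s*\(\s*(?:base64_decode|gzinflate)\s*\(]], "i")

-- Hypothetical cap so one large upload cannot tie up the worker.
local MAX_BYTES = 1024 * 1024

-- ModSecurity calls main() with the path of the temporary upload file.
-- Returning nil means "no match"; returning a string triggers the rule.
function main(filename)
  local fh, err = io.open(filename, "rb")
  if not fh then
    -- Fail closed: a file that cannot be read is treated as a match.
    m.log(1, "inspect_upload: cannot open " .. tostring(filename)
             .. ": " .. tostring(err))
    return "upload could not be inspected"
  end

  local data = fh:read(MAX_BYTES) or ""
  fh:close()

  -- r:find returns the match start offset, or nil when nothing matches.
  local start = SIGNATURE:find(data)
  if start then
    return "upload matches script signature at byte " .. start
  end
  return nil
end
```

The script runs inside the web server process, which is the point made in the quoted message about not forking a process per request.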





