Thread: Web services

Web services
2007-04-13 08:08:23
Hello,
does someone use mod_security to filter XML input in a web service, and can they send some rules and a DTD/XSD to show how it works?
Thanks in advance
Best regards
JP

Re: Web services
2007-04-13 09:04:36

When I try with an XPath expression, I got:
Message: XML: Unable to evaluate xpath expression.

2007/4/13, Jean-Paul Sartres <jsartres gmail.com>:

Re: Web services
Germany
2007-04-15 04:34:51

There used to be a link to an article by Shreeraj Shah for this on the modsecurity homepage.
However, a Google search on "modsecurity webservices" reveals this and a few other links. The following two might be a good start, though they refer to modsecurity-1.9:

http://www.infosecwriters.com/text_resources/pdf/Defending-web-services.pdf
http://www.onlamp.com/pub/a/onlamp/2005/06/09/wss_security.html?CMP=OTC-72M40J560326&ATT=Securing+Web+Services+with+mod_security

To get a little help on migrating these to modsecurity-2 you will probably find Ryan's migration matrix helpful:

Blog entry: http://www.modsecurity.org/blog/archives/2007/04/modsecurity_mig.html
Migration matrix: http://www.modsecurity.org/documentation/ModSecurity-Migration-Matrix.pdf

Regards,
Chris
On 13.04.2007 at 15:08, Jean-Paul Sartres wrote:
_______________________________________________
mod-security-users mailing list
mod-security-users lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/mod-security-users

Re: Web services
United States
2007-04-16 11:46:33

Can you show an example of what your ruleset was and what the XML payload/schema is that you are checking?

Here is a quick example of using an XML XPath ruleset. Let's say that you had an XML POST request such as this and you wanted to inspect the "name" location:

POST /test.php HTTP/1.0
Content-Type: text/xml
Content-Length: 634

<employees>
  <employee>
    <name>Fred Jones</name>
    <address location="home">
      <street>900 Aurora Ave.</street>
      <city>Seattle</city>
      <state>WA</state>
      <zip>98115</zip>
    </address>
    <address location="work">
      <street>2011 152nd Avenue NE</street>
      <city>Redmond</city>
      <state>WA</state>
      <zip>98052</zip>
    </address>
    <phone location="work">(425)555-5665</phone>
    <phone location="home">(206)555-5555</phone>
    <phone location="mobile">(206)555-4321</phone>
  </employee>
</employees>

You would then need to use the following XPath ruleset to trigger if the name includes "Fred". Notice that you need to specify the full path, which includes the parent "employees" and "employee" paths:

SecDefaultAction log,deny,status:403,phase:2
SecRule REQUEST_HEADERS:Content-Type "^text/xml$" "phase:1,t:lowercase,nolog,pass,ctl:requestBodyProcessor=XML"
# Skip the XPath rule when the body was not parsed as XML; without
# "nolog,pass,skip:1" this rule inherits the deny default action above
# and blocks every non-XML request.
SecRule REQBODY_PROCESSOR "!^XML$" "nolog,pass,skip:1"
SecRule XML:/employees/employee/name/text() "fred" "phase:2,t:lowercase"

I hope this helps.
I hope this helps.
--
Ryan C. Barnett
ModSecurity Community
Manager
Breach Security: Director of Application
Security Training
Web Application Security Consortium (WASC) Member
Author: Preventing Web Attacks with Apache
--------------
Web Security Threat Report Webinar on May
9, 2007 (12 pm EST)
Learn More About the Breach Webinar Series:
http://www.breach.com/webinars.asp
--------------
From: Jean-Paul Sartres
Sent: Friday, April 13, 2007 10:05 AM
To: mod-security-users lists.sourceforge.net
Subject: Re: [mod-security-users] [mod_security2]Web services

Re: Web services
United States
2007-04-16 11:49:11

Those are indeed excellent articles. In fact, I am working on some updated versions of those articles that reflect the Mod 2.0 rules language. I will be posting them out to the Mod site soon and I will let you all know when they are available.
--
Ryan C. Barnett

> -----Original Message-----
> From: Christian Bockermann
> Sent: Sunday, April 15, 2007 5:35 AM
> To: Mod Security
> Subject: Re: [mod-security-users] [mod_security2]Web services

Re: Web services
2007-04-17 03:00:32

In fact, my problem comes from the XPath expression and SOAP messages:

SecRule XML:/soap:Envelope/soapenv:Body/ns1:function1/data "123" deny,phase:2

<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:ns1="http://host.hsc.fr/">
  <soapenv:Body>
    <ns1:function1>
      <data>123</data>
    </ns1:function1>
  </soapenv:Body>
</soapenv:Envelope>

If I use SecRule XML://data "123" deny,phase:2, it works, but I don't think it's a good practice: it solves the problem, but it's not exactly what I want.
Thanks in advance.

2007/4/16, Ryan Barnett <Ryan.Barnett breach.com>:
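
The script below is an added illustration for this thread, not code from any of the posters or from ModSecurity itself. It imitates what the XML body processor does with Ryan's XML:/employees/employee/name/text() rule and with JP's SOAP rule: parse the body, select nodes with an absolute location path, lower-case their text and apply the pattern. It runs on the standard library only, so ElementTree's limited path syntax stands in for libxml2's XPath ({*}Body plays the role of *[local-name()='Body'], and paths are written relative to the document element); the selection semantics are the point, not the exact expression grammar. The sample bodies are constructed from the two posted in the thread (http://host.hsc.fr/ is the placeholder namespace from JP's message); the decoy body, the NS map and the function names are this example's own.

```python
"""Stand-in for a `SecRule XML:<path> "<pattern>" t:lowercase` rule:
parse, select by absolute path, lower-case, regex-match. Standard
library only; ElementTree paths approximate libxml2 XPath."""
import re
import xml.etree.ElementTree as ET

# Constructed sample bodies, modelled on the two posted in the thread.
EMPLOYEES_BODY = b"""<employees>
  <employee>
    <name>Fred Jones</name>
    <address location="home"><city>Seattle</city></address>
  </employee>
</employees>"""

SOAP_BODY = b"""<soapenv:Envelope
    xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"
    xmlns:xsd="http://www.w3.org/2001/XMLSchema"
    xmlns:ns1="http://host.hsc.fr/">
  <soapenv:Body>
    <ns1:function1>
      <data>123</data>
    </ns1:function1>
  </soapenv:Body>
</soapenv:Envelope>"""

# Same envelope with a decoy <data> in the SOAP header (constructed) to
# show what the //data shortcut matches that an anchored path does not.
DECOY_BODY = b"""<soapenv:Envelope
    xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"
    xmlns:ns1="http://host.hsc.fr/">
  <soapenv:Header><data>123</data></soapenv:Header>
  <soapenv:Body>
    <ns1:function1><data>999</data></ns1:function1>
  </soapenv:Body>
</soapenv:Envelope>"""

# Prefix-to-URI map: the equivalent of registering the document's
# namespace declarations with the XPath engine.
NS = {"soapenv": "http://schemas.xmlsoap.org/soap/envelope/",
      "ns1": "http://host.hsc.fr/"}


def select_text(body, path, namespaces=None):
    """Text of every node selected by `path`, evaluated from the document
    element: XPath's /soapenv:Envelope/soapenv:Body/x is ./soapenv:Body/x
    here, and {*}Body stands for *[local-name()='Body']."""
    root = ET.fromstring(body)
    return [(el.text or "") for el in root.findall(path, namespaces)]


def rule_matches(body, path, pattern, namespaces=None):
    """True if the pattern matches any selected text node after t:lowercase."""
    rx = re.compile(pattern)
    return any(rx.search(t.lower()) for t in select_text(body, path, namespaces))


def demo():
    """Walk through the cases discussed in the thread; returns the outcomes."""
    results = {}

    # Ryan's point: the path must name every ancestor. A path starting at
    # <name> selects nothing under <employees>; the full path does.
    results["partial_path"] = rule_matches(EMPLOYEES_BODY, "./name", "fred")
    results["full_path"] = rule_matches(EMPLOYEES_BODY, "./employee/name", "fred")

    # JP's failure: the rule uses the prefix "soap", which the document never
    # declares (it says "soapenv"). The engine cannot resolve it, the analogue
    # of "XML: Unable to evaluate xpath expression".
    try:
        rule_matches(SOAP_BODY, "./soap:Body/ns1:function1/data", "123", NS)
        results["unbound_prefix"] = "matched"
    except SyntaxError:
        results["unbound_prefix"] = "xpath error"

    # Same path with the prefixes the document declares, registered.
    results["registered_prefix"] = rule_matches(
        SOAP_BODY, "./soapenv:Body/ns1:function1/data", "123", NS)

    # Namespace-agnostic path: matches by local name, no registration needed.
    results["local_name"] = rule_matches(
        SOAP_BODY, "./{*}Body/{*}function1/data", "123")

    # The //data shortcut fires on the decoy in the header; the anchored path
    # only looks at function1's own parameter.
    results["descendant_shortcut_on_decoy"] = rule_matches(DECOY_BODY, ".//data", "123")
    results["anchored_path_on_decoy"] = rule_matches(
        DECOY_BODY, "./{*}Body/{*}function1/data", "123")
    return results


if __name__ == "__main__":
    for case, outcome in demo().items():
        print(f"{case:30} {outcome}")
```

Translated back into ModSecurity terms, and assuming the rest of Ryan's ruleset (the Content-Type gate, ctl:requestBodyProcessor=XML, and the skip for non-XML bodies) is in place, the namespace-agnostic form of JP's rule would be SecRule XML:/*[local-name()='Envelope']/*[local-name()='Body']/*[local-name()='function1']/data "^123$" "phase:2,deny". libxml2, which ModSecurity uses to evaluate XML: variables, accepts local-name() predicates, so the rule evaluates whether or not a given ModSecurity build registers the document's own prefixes, and it stays anchored to the operation the way //data does not. Two caveats worth checking against your own traffic: a rule prefix must match a prefix declared in the document (soap: versus soapenv: in JP's post), and Ryan's gate "^text/xml$" matches only a bare text/xml, so a SOAP stack that sends text/xml; charset=utf-8 or SOAP 1.2's application/soap+xml never gets the XML body processor and the XML: rule is skipped; a gate such as "^(text/xml|application/soap\+xml)(;|$)" covers those.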