Category:OWASP ModSecurity Core Rule Set Project - ModSecurity 2.1.2 - Notes

Jump to: navigation, search
  • Improvements:

- Added experimental real-time application profiling ruleset. - Added experimental Lua script for profiling the # of page scripts, iframes, etc.. which will help to identify successful XSS attacks and planting of malware links. - Added new CSRF detection rule which will trigger if a subsequent request comes too quickly (need to use the Ignore Static Content rules).

  • Bug Fixes:

- Added missing " in the skipAfter SecAction in the CC Detection rule set.

This category currently contains no pages or media.