Trustwave's 2024 Retail Report Series Highlights Alarming E-Commerce Threats and Growing Fraud Against Retailers. Learn More
Get access to immediate incident response assistance.
Get access to immediate incident response assistance.
Trustwave's 2024 Retail Report Series Highlights Alarming E-Commerce Threats and Growing Fraud Against Retailers. Learn More
As I was reviewing the ModSecurity 2.1.0-rc7 Reference Manual I realised it did not contain some very important sections we had in the previous (ModSecurity 1.9.x) manual - those on web application firewall impedance mismatch and PHP peculiarities. Impedance mismatch is a well known problem where, because web application firewalls interpret input data independently from the systems they are protecting, there is a danger of information slipping through because of different interpretations. PHP is especially vulnerable to this issue because the engine was designed to be error friendly and "helpful".
For many years now my policy was to try to document the evasion possibilities and to lay the responsibility on the ModSecurity user to read the manual. I have now decided to make the issue more visible. To start with, here's the part from the 1.9.x manual that is relevant to PHP:
(Update Feb 7) Jakub Vrna wrote to clarify that "magic_quotes_gpc" must be "On" for "magic_quotes_sybase" to work. Thanks! This is now fixed. Jakub has a post in Czech on a similar topic.
Trustwave is a globally recognized cybersecurity leader that reduces cyber risk and fortifies organizations against disruptive and damaging cyber threats. Our comprehensive offensive and defensive cybersecurity portfolio detects what others cannot, responds with greater speed and effectiveness, optimizes client investment, and improves security resilience. Learn more about us.
Copyright © 2024 Trustwave Holdings, Inc. All rights reserved.