Christian Folini

icon indicating a website link https://www.christian-folini.ch

icon company https://www.netnea.com icon location Berne, Switzerland icon location Webserver Fortification Engineer and Advisor in the Art of Defense. OWASP ModSecurity Core Rule Set Co-Lead.

Results 509 comments of Christian Folini

Move DoS rules to plugin

Let me propose the following wording: ``` ModSecurity and CRS are suited to small scale application level DoS attacks. DoS attacks on the network level, distributed DoS attacks and larger...

Move DoS rules to plugin

Thank you very much.

Move DoS rules to plugin

I'm not really running ModSec3, so I am not sure I have the experience to understand and make this work. @theMiddleBlue, you are working on ModSec3. Would you be able...

Move DoS rules to plugin

Awesome. Thank you very much. For the record: The fake bot plugin is a very nice test case for plugins. I reckon that would also make for a nice sandbox...

Monthly Chat Agenda August 2022 (2022-08-01 and 2022-08-15)

Absolutely. Thank you for cleaning up.

Add test to CI to check for re2 compatibility in rules

Good thinking!

Improve XML External Entity (XXE) detection

This is a very good roundup and I like the approach. @airween : Could you chime in from a ModSec v2 / v3 perspective, namely with regards to `REQUEST_BODY` availability?

Improve XML External Entity (XXE) detection

Exactly. It's one of the open quarrels we have with the ModSec devs. Airween might be able to give us the latest news / perspectives here.

Improve XML External Entity (XXE) detection

@jptosso: What is the prospect of Coraza getting LUA Support on a horizon of 1-2 years?

Improve XML External Entity (XXE) detection

@azurit : You meant the LUA solution you have get going might be so complicated that it is not worth to use in production?