Search found 8 matches

by optimanet
Fri Sep 12, 2014 3:25 pm
Forum: Atomicorp Modsecurity Rules Support
Topic: whitelist
Replies: 3
Views: 13429

Re: whitelist

hi, i did install your ruleset etc. through plesk 12 gui. there are several files with .disabled extension: # ls | grep disabled 00_asl_rbl.conf.disabled 00_asl_whitelist.conf.disabled 05_asl_scanner.conf.disabled 11_asl_data_loss.conf.disabled 15_asl_paranoid_rules.conf.disabled 40_asl_apache2-rule...
by optimanet
Fri Sep 12, 2014 10:24 am
Forum: Atomicorp Modsecurity Rules Support
Topic: whitelist
Replies: 3
Views: 13429

whitelist

hi, i am using WAF rules, but not ASL. to activate whitelist, may i just rename '00_asl_whitelist.conf.disabled' into '00_asl_whitelist.conf' and define the needed IPs in /etc/asl/whitelist - apache2 reload? or do WAF rule updates overwrite '00_asl_whitelist.conf' back into '00_asl_whitelist.conf.di...
by optimanet
Fri Sep 12, 2014 9:32 am
Forum: Atomicorp Modsecurity Rules Support
Topic: which solution is recommended?
Replies: 9
Views: 20122

Re: which solution is recommended?

is there a way to get the rule-id in the first line of such an entry in modsec_audit log or to get the HOST in the line with the rule id (you know, what i want to reach.. :wink: )? Not sure what you want to do here, can you elaborate? well, i let fail2ban read from modsec_audit.log and i do block, i...
by optimanet
Thu Sep 11, 2014 7:51 am
Forum: Atomicorp Modsecurity Rules Support
Topic: modsec-clamscan.pl ends with error for typo3 applications
Replies: 0
Views: 10525

modsec-clamscan.pl ends with error for typo3 applications

hi, i am using modsecurity with atomicorp WAF ruleset. also, i define a rule as follows: SecRule FILES_TMPNAMES "@inspectFile /path/to/modsec-clamscan.pl" "phase:2,t:none,id:351000,rev:1,severity:2,msg:'Atomicorp.com Upload Malware Scanner: Malicious File upload attempt detected and b...
by optimanet
Thu Sep 11, 2014 7:45 am
Forum: Atomicorp Modsecurity Rules Support
Topic: which solution is recommended?
Replies: 9
Views: 20122

Re: which solution is recommended?

hi,
can anyone say something to my latest questions, above?

regards,
andi
by optimanet
Sat Sep 06, 2014 10:02 am
Forum: Atomicorp Modsecurity Rules Support
Topic: which solution is recommended?
Replies: 9
Views: 20122

Re: which solution is recommended?

hi, thank you for reply. well, ASL is, i am sure, best solution, actually. we will test it on a test server very soon. but first, i'd like to know atomic modsecurity ruleset better. is it true, that there is no web application brute force protection included (eg. after 5 invalid login attempts again...
by optimanet
Sat Sep 06, 2014 2:01 am
Forum: Atomicorp Modsecurity Rules Support
Topic: which solution is recommended?
Replies: 9
Views: 20122

Re: which solution is recommended?

thank you! i'll just pass this post to parallel's support. is there a way to scan file uploads (eg. malicious php uploads from joomla, wordpress etc.) with modsecurity ruleset from atomicorp? if there is no 'native integration', how do you think about clamscan.pl-solution with 'SecRule FILES_TMPN...
by optimanet
Fri Sep 05, 2014 5:06 pm
Forum: Atomicorp Modsecurity Rules Support
Topic: which solution is recommended?
Replies: 9
Views: 20122

which solution is recommended?

hello, i have a plesk 12 debian 7 node with mod_security2 installed. i am searching for modsecurity rules, especially against web application brute force attacks and malicious (php) file uploads. which solution is recommended? does 'Atomic ModSecurity rule set' scan file uploads (eg. against clamdsc...