In the new version, under "Pattern Updates" the WAF is not in the list anymore. Can you describe how the WAF patterns are updated?
Thanks
In the new version, under "Pattern Updates" the WAF is not in the list anymore. Can you describe how the WAF patterns are updated?
Thanks
I bet it's part of the IPS bundle now.
CTO, Convergent Information Security Solutions, LLC
https://www.convergesecurity.com
Sophos Platinum Partner
--------------------------------------
Advice given as posted on this forum does not construe a support relationship or other relationship with Convergent Information Security Solutions, LLC or its subsidiaries. Use the advice given at your own risk.
I hope that is not the case as I am a big fan of modsecurity (WAF). Granted its a little hard to configure on the front end than a simple proxy while augmenting it with IPS but I find the reliability of modsecurity far greater than ANY IPS engine which WILL drop packets under heavy load.
Regards
Bill
As far as i know, the IPS pattern only covers now the WAF Pattern. It is simply merged together.
__________________________________________________________________________________________________________________
Billybob said:I hope that is not the case as I am a big fan of modsecurity (WAF). Granted its a little hard to configure on the front end than a simple proxy while augmenting it with IPS but I find the reliability of modsecurity far greater than ANY IPS engine which WILL drop packets under heavy load.
Regards
Bill
You misunderstand; I meant that the pattern files with WAF are in the same bundle for updates -- not that the WAF engine is gone, etc. Based on what Lucar says here I think that is the case, they just changed how they bundle the pattern updates.
CTO, Convergent Information Security Solutions, LLC
https://www.convergesecurity.com
Sophos Platinum Partner
--------------------------------------
Advice given as posted on this forum does not construe a support relationship or other relationship with Convergent Information Security Solutions, LLC or its subsidiaries. Use the advice given at your own risk.
can we have an official/documented response? Thanks
PMStuart Could you please take a look into that?
__________________________________________________________________________________________________________________
PMStuart Could you please take a look into that?
__________________________________________________________________________________________________________________
Originally the WAF pattern update was meant to be a way to update the ModSecurity rules in the field in the case of a critical vulnerability, but in reality we never had a need for it. And in actual fact the rules havent been updated for quite some time.
In v18 we are moving to OWASP 3.1 which brings completely new rules and a new rule engine so with this new version we decided to remove the old up2date WAF code and provide any future OWASP updates that there may be in MR's or major releases.
Hope this explains the situation,
Stuart
Ah.. so I was wrong... I think it may be a mistake to not be able to deploy new rules without a MR update, though.
CTO, Convergent Information Security Solutions, LLC
https://www.convergesecurity.com
Sophos Platinum Partner
--------------------------------------
Advice given as posted on this forum does not construe a support relationship or other relationship with Convergent Information Security Solutions, LLC or its subsidiaries. Use the advice given at your own risk.