Protocol anomalies rules

rspadim / naxsi

Automatically exported from code.google.com/p/naxsi

Other

0 stars 0 forks source link

Protocol anomalies rules #50

Open GoogleCodeExporter opened 8 years ago

GoogleCodeExporter commented 8 years ago

Will be a nice idea to have a set of rules to avoid automated queries, spammers 
like with modescurity (Missing/empty host header, missing/empty accept header, 
missing/empty user-agent header).

Cheers

Original issue reported on code.google.com by pititis....@gmail.com on 10 Nov 2012 at 12:34

GoogleCodeExporter commented 8 years ago

Hello,

Naxsi already has a few rules like this, but I agree it's somehow too limited.
If you have a list of suggestions, it would be great. So far, it's really focus 
on 'real' anomalies (ie. non parsable data, format breaking RFC).

Original comment by ori...@gmail.com on 7 Jan 2013 at 6:01

GoogleCodeExporter commented 8 years ago

this would be great, something like

"str:__empty__" "mz:$HEADERS_VAR:Host|$HEADERS_VAR:User-Agent"

mex

Original comment by lazy.dog...@gmail.com on 7 Jan 2013 at 7:06

GoogleCodeExporter commented 8 years ago

Original comment by didier.c...@googlemail.com on 4 Apr 2013 at 1:52

Changed state: New
Added labels: Component-Contribs, Type-Enhancement