AtomiCorp: Security for Everyone

Twitter Feed

from:Atomicorp - Twitter Search

Atomicorp: Realtime WAF/#modsecurity rules: Updates to XSS protection rules

Atomicorp: Realtime WAF/#modsecurity rules: Updates to RFI and system path protection rules

Atomicorp: Realtime AntiMalware Protection System: New web malware protection rules added

Atomicorp: Realtime WAF/#modsecurity rules: Updates to XSS and RFI protection rules

Atomicorp: Realtime WAF/#modsecurity rules: Updates to web spam protection rules

Follow AtomiCorp on Twitter

New WAF rule class

Written by Michael Shinn

Thursday, 31 March 2011 13:57

We've added a new rules class to the WAF "untrusted code content". Untrusted code rule classes allows us to detect cases where web code may be allowed, but will still be inspected to determine if its malicious. This allows for a more nuanced approach to cross site scripting attack protection, that significantly reduces false positives without diminishing protection against cross site scripting.

You'll see two new rules 350147 and 350148 that make up the beginning of this rule class. False positives with malicious cross site scripting rules 340147, 340148 and 340149 should be almost eliminated now.

< Prev		Next >

Add comment

JComments