What is OWASP?
This package consists of rulesets derived from the OWASP ModSecurity Core Rule Set. They provide an easily pluggable set of generic attack detection rules that give any web application a base level of protection.
The OWASP rules operate in scoring threshold mode: each rule that a request matches increases that request's threat score. Once a request exceeds a configurable sensitivity threshold (off, low, or high), the configured action is taken. This action can be simulate (create a log entry but do not block the request), challenge (present the user with an in-browser challenge page, and log), or block (reject the request and log).
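The scoring threshold mode described above, sketched as an added example (not code from the OWASP package or its vendor). The rule IDs, patterns, per-rule scores and the numeric values behind "low" and "high" are all constructed assumptions; the page does not state them.

```python
import re

# Constructed rules and scores for illustration; not the package's real rule set.
RULES = [
    ("demo-sqli", "uri", re.compile(r"(?i)\bunion\b.+\bselect\b"), 5),
    ("demo-traversal", "uri", re.compile(r"\.\./"), 4),
    ("demo-empty-ua", "user_agent", re.compile(r"^\s*$"), 2),
]

# Assumed numeric thresholds: higher sensitivity means a lower score triggers.
THRESHOLDS = {"off": None, "low": 10, "high": 4}
ACTIONS = {"simulate", "challenge", "block"}


def evaluate(request, sensitivity, action):
    """Return (score, matched_rule_ids, outcome) for one request.

    outcome is "pass" or the configured action; "simulate" means the
    request is logged but still allowed through.
    """
    if action not in ACTIONS:
        raise ValueError(f"unknown action: {action}")
    threshold = THRESHOLDS[sensitivity]  # KeyError on an unknown sensitivity
    score, matched = 0, []
    for rule_id, field, pattern, points in RULES:
        if pattern.search(request.get(field, "")):
            score += points
            matched.append(rule_id)
    # "off" disables enforcement; otherwise act only once the score exceeds the threshold.
    if threshold is None or score <= threshold:
        return score, matched, "pass"
    return score, matched, action


# Constructed sample requests (decoded URI plus User-Agent header).
BENIGN = {"uri": "/search?q=shoes", "user_agent": "Mozilla/5.0"}
SINGLE = {"uri": "/item?id=1 UNION SELECT name FROM t", "user_agent": "Mozilla/5.0"}
MULTI = {"uri": "/item?id=1 UNION SELECT name FROM t&f=../../x", "user_agent": ""}

if __name__ == "__main__":
    for name, req in [("benign", BENIGN), ("single", SINGLE), ("multi", MULTI)]:
        for level in ("off", "low", "high"):
            print(name, level, evaluate(req, level, "block"))
```

A single rule match crosses the assumed "high" threshold but not "low", while several weaker matches on one request add up past "low" as well.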
Individual rule groups within the OWASP package can be enabled or disabled in "rule details", after which rules can be managed at the individual rule level through the advanced option.