Feature Wiki

Information about planned and released features

Tabs

Support for mod security rule sets

If you need any help in filling out this wiki page, please visit our ILIAS Community FAQ.

1 Initial Problem

mod_security is a container for web application firewall rulesets, which are delivered with many linux based operating systems.

One popular collection of rulesets is provided by OWASP ModSecurity Core Rule Set Project.

Activating mod_security without any modifications is currently not possible, since some rules report false positives. Other rules are failing due to  minor code/protocol errors in ILIAS.

2 Conceptual Summary

{Please add a brief summary on how you would like the problem to be solved.}

3 User Interface Modifications

3.1 List of Affected Views

{Please list all views (screens) of ILIAS that should be modified, newly introduced or removed.}

3.2 User Interface Details

{For each of these views please list all user interface elements that should be modified, added or removed. Please provide the textual appearance of the UI elements and their interactive behaviour.}

3.3 New User Interface Concepts

{If the proposal introduces any completely new user interface elements, please provide a link to separate feature wiki entries for each of them according to the kitchen sink template.}

4 Technical Information

List of currently incompatible rules (CRS 2.2, work in progress):

  • 970903: Wrongly classified ASP/JSP leakage
  • 981173: Wrongly classified SQL injection attempt
  • 973338: Wrongly classified XSS attack

5 Contact

  • Author of the Request: {Please add your name.}
  • Maintainer: {Please add your name before applying for an initial workshop or a Jour Fixe meeting.}
  • Implementation of the feature is done by: {The maintainer must add the name of the implementing developer.}

6 Funding

If you are interest in funding this feature, please add your name and institution to this list.

  • ...

7 Discussion

8 Implementation

{The maintainer has to give a description of the final implementation and add screenshots if possible.}

Test Cases

Test cases completed at {date} by {user}

  • {Test case number linked to Testrail} : {test case title}

Approval

Approved at {date} by {user}.

Last edited: 19. Jun 2018, 13:10, Baumgartner, Robin [rbaumgartner]