Chapter 13
Passive Response Actions
Hence, when able to attack, we must seem unable; when using our forces, we must seem inactive.
—Sun Tzu in The Art of War
Passive response actions are any changes or actions made as a result of detection rules that the end user cannot directly perceive. These actions have no direct impact on the user or his or her web application session. These scenarios often are not severe enough to warrant any active or intrusive response actions. These responses may simply provide information to third-party systems or security personnel for further review.
- ModSecurity
- TX:ANOMALY_SCORE variable
- IP:ANOMALY_SCORE variable
- SESSION:ANOMALY_SCORE variable
- @gt operator
- @ge operator
- @lt operator
- setvar action
- initcol action
- setsid action
# # -=[ SQL Tautologies ]=- # SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/| REQUEST_COOKIES_NAMES|ARGS_NAMES|ARGS|XML:/* \ "(?i:([\s'\"'´''\(\)]*)([\d\w]++)([\s'\"'´''\(\)]*)(?:(?:=|<=>|r?lik e|sounds\s+like|regexp)([\s'\"'´''\(\)]*)\2|(?:!=|<=|>=|<>|<|>|\^|is ...
Get Web Application Defender's Cookbook now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.