|
webizen,
why do I feel like I am talking in cirlces with you guys... read my posts above I showed you many rules which none of them work... I have tried every single ruleset available on the internet. None of them work.
SO why dont you as a company support your product and actually show us a ruleset that does work? instead you keep avoiding the fact that you have never provided a ruleset to anyone of your customers which actually works.
Why because they dont otherwise you would provide that list in your documentation ..
it shouldnt be me sending you all 100,000 rules that are available to show you that none fo them work...
it should be you showing your paying customers what rules actually work.
None of the OWASP rules work... none!
Maybe just maybe a small amount of atomics rules work, but I have yet to figure out which ones... but the list of supported atomic rules is so small that you might as well not use it at all cause those couple rules out of 1000's that dont work is going to provide much protection at all.
So why dont you show your customers what rules actually do work and what you do support because it is BS that you believe that your PAYING customers each by themselves should spend hundreds of hours writing out their own rulesets (if they have that knowledge) and testing through trial and error if those ruleset will even work.
And then once they get just a handful of rules that do work... the time was a waste because their limitations didnt allow them to load a ruleset that actually protects the system from any significant amount of attacks.
Search your own damn forums there is literally 100's of customers who ask you to fix the mod security compatiblity but yet you say things like "its low priority if there is more demand for it we might do it.
Why dont you remove mod security support and just tell people you dont support it, or get off your butts and provide a ruleset that will actually help protect systems from more than just a handful of attacks.
I asked you to support OWASP ruleset because it is very basic core ruleset and would be easy for you guys to make work, easier than atomic's ruleset would be but you guys dont want to support any rulesets or provide any rulesets so
Yes it is confirmed you dont support mod security...
|