ModSecurity Breach

Cool Rules

Got a Cool Rule? We want to know about it.

Welcome to the ModSecurity Cool Rule program. The program is designed to enable ModSecurity rule developers to share their rules with the community, and reap the rewards of their good work.

The ModSecurity Cool Rules program presented its first results in a webinar held on March 7 at 9am PST. The recording is available in the BSN.

You are invited to submit rules you have written (see "guidelines" and "how to" below) to the community. Every entrant will receive a free prize. Every month, beginning March 7, 2007, the winner of the Cool Rule of the Month program will be announced during the Cool Rules webinar hosted by Ryan Barnett, power ModSecurity user, author of "Preventing Web Attacks with Apache" and Director of Training for Breach Security. The winner is also invited to participate in the webinar and explain how the rule works.

Rule submission guidelines:

  1. We are looking for rules that you have created to solve complex or unique issues that you are facing in your own ModSecurity deployment. Example rules might address challenges such as identifying and responding to brute force attacks, tracking session-based attacks, and virtually patching newly discovered vulnerabilities.
  2. These rules should not duplicate functionality already provided by the Core Rule Set.

How to submit a rule:

  1. Please submit your rules to the ModSecurity mail-list.
  2. When you send the rule, please include a brief overview of the problem you are trying to address, as well as the accompanying ModSecurity rules with proper comments specifying what each section of the rule is trying to accomplish.
  3. The rules will then be evaluated for aspects such as use of ModSecurity 2.0 features, complex chained rules (that help to minimize false positives), optimized regular expressions, etc.

When we receive a great rule, we will do the following:

  1. Create a blog entry on the rule.
  2. Include the rule in an upcoming Cool Rules webcast. The user who submitted the rule will receive proper credit.
  3. Send the user some ModSecurity merchandise, such as a ModSecurity t-shirt!

Thanks for participating!

Ryan C. Barnett