Web Application Defender's Cookbook

by Ryan C. Barnett, Jeremiah Grossman
December 2012
Intermediate to advanced
552 pages
13h 16m
English
Wiley
Content preview from Web Application Defender's Cookbook
Recipe 11-2: Detecting a Large Number of Files
This recipe shows you how to use ModSecurity to enforce limits on the number of files uploaded in a transaction.
Ingredients
  • OWASP ModSecurity Core Rule Set (CRS)
    • modsecurity_crs_10_setup.conf
    • modsecurity_crs_23_request_limits.conf
  • ModSecurity
    • FILES variable
    • @gt operator
CAPEC-119: Resource Depletion
An attacker depletes a resource to the point that the target’s functionality is affected. Virtually any resource necessary for the target’s operation can be targeted in this attack. The result of a successful resource depletion attack is usually the degrading or denial of one or more services offered by the target. Resources required will depend on the nature of the resource to be depleted, the amount of the resource the target has access to, and other mitigating circumstances, such as the target’s ability to shift load, detect and mitigate resource depletion attacks, or acquire additional resources to deal with the depletion. The more protected the resource and the greater the quantity of it that must be consumed, the more resources the attacker will need to have at their disposal.
Sample Attack
If the target web application does not restrict the number of files accepted for a file uploading resource, attackers may be able to cause a denial-of-service condition by filling up the local disk storage on the web server.
Preventing a Large Number of File Uploads
You can implement ...
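One way to express such a limit with the ingredients listed above (the FILES variable and the @gt operator), as an added example that is not the book's or the CRS's own rule text. The variable name tx.max_num_files, the limit of 10 and the rule ids are assumptions chosen for illustration:

```apache
# Added example: cap the number of files accepted in one transaction.
# Assumptions (not from the book or the CRS): tx.max_num_files, the
# value 10, and rule ids 11201/11202.

# FILES is only populated when ModSecurity parses the request body.
SecRequestBodyAccess On

# Setup, the kind of tunable kept in modsecurity_crs_10_setup.conf:
# store the per-transaction limit in a TX variable so it can be
# changed without editing the enforcement rule.
SecAction \
    "id:11201,\
    phase:1,\
    t:none,\
    nolog,\
    pass,\
    setvar:tx.max_num_files=10"

# Enforcement. The chain starter checks that the limit variable exists,
# so a missing setting disables the rule; without that check an unset
# macro in the @gt operand would be compared as 0 and every upload
# would be rejected.
# &FILES counts the file parts parsed from the multipart/form-data
# body, so the rule has to run in phase 2 (request body).
SecRule &TX:MAX_NUM_FILES "@eq 1" \
    "id:11202,\
    phase:2,\
    t:none,\
    deny,\
    status:403,\
    log,\
    msg:'Too many files uploaded in one transaction',\
    logdata:'limit=%{tx.max_num_files}',\
    chain"
    SecRule &FILES "@gt %{tx.max_num_files}"
```

A request carrying 11 or more file parts is denied with a 403 and logged; requests at or under the limit pass through to the remaining rules.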

ISBN: 9781118417058