
Presentations

Here we collect links to presentations given in the past or scheduled for the future, and their materials (slides, audio and video) where available. Some of them are available only in English, while others are in Japanese.

ImageFight!   

LL Spirit - Lightning Talks (2007-08-04)

powerpoint

Abstract

Recently it was reported that picture files with PHP attack code buried inside them were discovered on a major hosting site.

PHP code used in an RFI (remote file inclusion) attack can be buried within GIF, PNG, JPEG, and other picture files.

This talk explains five methods of fighting attack code buried in image files, and considers what a safe image uploader should look like.
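One server-side check a safe image uploader could run before storing a file, as an added example that is not part of mod_imagefight or the wafful.org project and is not one of the five methods from the talk (those are not listed on this page): it verifies that the file starts with the magic bytes of a supported format and then scans the whole byte stream for PHP open tags and HTML markup, which is what a PHP include() or a content-sniffing browser such as IE6 would act on. The format table, the marker list and the sample files are constructed assumptions for this example.

```python
"""Scan an uploaded image for buried PHP or HTML markup (added example)."""
import re

# Magic bytes of the formats the page lists (assumption: this table is ours).
MAGIC = {
    "png": (b"\x89PNG\r\n\x1a\n",),
    "gif": (b"GIF87a", b"GIF89a"),
    "jpeg": (b"\xff\xd8\xff",),
    "bmp": (b"BM",),
}

# Markers that a PHP include() or a content-sniffing browser would act on.
SUSPICIOUS = re.compile(
    rb"<\?php|<\?=|<script|<html|<body|<iframe|javascript:",
    re.IGNORECASE,
)


def detect_format(data: bytes):
    """Return the format name whose signature the file starts with, else None."""
    for name, magics in MAGIC.items():
        if any(data.startswith(m) for m in magics):
            return name
    return None


def scan_image(data: bytes) -> dict:
    """Check signature and look for embedded code anywhere in the byte stream.

    The whole file is scanned, not just the header, because code is usually
    appended after the image data or hidden in comment/metadata segments.
    """
    fmt = detect_format(data)
    findings = sorted({m.group(0).lower().decode() for m in SUSPICIOUS.finditer(data)})
    return {"format": fmt, "findings": findings, "ok": fmt is not None and not findings}


# Constructed samples: a minimal PNG-like header, the same bytes with a PHP
# tag appended, a GIF header followed by HTML, and a plain HTML file.
CLEAN_PNG = b"\x89PNG\r\n\x1a\n" + b"\x00\x00\x00\rIHDR" + b"\x00" * 13 + b"IEND"
POLYGLOT_PNG = CLEAN_PNG + b"<?php /* constructed marker */ ?>"
GIF_WITH_HTML = b"GIF89a" + b"\x01\x00\x01\x00\x00\x00\x00" + b"<html><script>/* constructed */</script></html>"
NOT_AN_IMAGE = b"<html><body>constructed</body></html>"

if __name__ == "__main__":
    for label, blob in [("clean png", CLEAN_PNG), ("png+php", POLYGLOT_PNG),
                        ("gif+html", GIF_WITH_HTML), ("html", NOT_AN_IMAGE)]:
        print(f"{label:10s} {scan_image(blob)}")
```

A marker scan only catches plain-text tags; it does not see payloads that are encoded or split across segments, so an uploader should treat it as a first gate and additionally re-encode accepted images (decode and save again) so that anything outside the pixel data is discarded.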


Download

Download software (source code available)

mod_imagefight

SOURCE

NOTICE

  • This is an ALPHA release.
  • DO NOT use it on a production server.

INSTALL

To play with this imagefight module, first compile it into a DSO file and install it into Apache’s modules directory by running:

$ apxs -c -i mod_imagefight.c

SETUP

Then activate it in Apache’s httpd.conf file, for instance for the URL /, as follows:

# httpd.conf

LoadModule imagefight_module modules/mod_imagefight.so

<Location />
  AddOutputFilterByType ImageFight image/gif image/jpeg image/png image/bmp
# AddOutputFilter ImageFight .png .bmp .gif .jpg .jpeg
</Location>

For DEBUG only (disables the browser cache so every request passes through the filter):

# LoadModule headers_module modules/mod_headers.so

<IfModule mod_headers.c>
  RequestHeader unset If-Modified-Since
  RequestHeader unset If-None-Match
  Header unset Last-Modified
  Header unset ETag
</IfModule>


About

wafful.org is Yet Another Web Application Firewall project, home of mod_imagefight, mod_wafful…

ImageFight!

  • mod_imagefight - Apache 2 output filter
  • sanitizes image files (PNG, BMP, GIF, JPEG)
  • inserts anti-RFI/XSS code into the image dynamically
  • works around IE6’s XSS transparently on the server side
  • download

WAFful

  • mod_wafful - Apache 2 input filter
  • blocks XSS and SQL injection using a white list
  • .htaccess
  • coming soon…