Inquiry About Project Honeypot Integration with ModSecurity...


Michael Bullut

Mar 8, 2025, 2:02:14 AM
to modsecurity-core...@owasp.org
Good Morning Team,

I hope this e-mail finds you well. I am reaching out to inquire about the integration of Project Honeypot with ModSecurity. I noticed that Project Honeypot is no longer listed among the features of ModSecurity, and I was wondering if this integration is still supported.

If the integration has been removed, could someone kindly provide insight into the reasons behind this decision? Was it due to technical limitations or other factors?

Any clarification on this matter would be greatly appreciated, as it would help me better understand the current capabilities and roadmap of ModSecurity.

Thank you in advance for your time and assistance. 

Warm regards,

Michael Bullut.

---

Cellphone: +254 723 393 114.
Twitter: @MichaelBullut

Ervin Hegedüs

Mar 8, 2025, 2:56:27 PM
to Michael Bullut, modsecurity-core...@owasp.org
Hi Michael,

Thanks for your e-mail.

As a co-leader of the ModSecurity Project, unfortunately I don't know when and why it was removed.

But as far as I know, the Honeypot Project is still alive:

and see the repository of that site:

It seems like Honeypot uses ModSecurity.

Probably the best thing you can do is ask the project maintainer:


I met him last November and he still works on that project.

Regards,


a.



Michael Bullut

Mar 9, 2025, 9:42:20 AM
to Ervin Hegedüs, modsecurity-core...@owasp.org
Greetings Ervin,

Thank you for your prompt response and I truly appreciate your help in moving this forward. I’ve already contacted Adrian to seek further clarification regarding my inquiries on Project Honeypot, and I’m hopeful his insights will help resolve my questions.

Once again, thank you for your support. If there’s anything else I should know or if you have additional advice, please don’t hesitate to share.

Warm regards,

Michael.


Andrew Howe

Mar 17, 2025, 7:59:56 PM
to Michael Bullut, modsecurity-core...@owasp.org
Hello Michael,

My apologies for the delay in getting this reply and information to you.

The Project Honeypot integration in the ModSecurity engine via the
'rbl' operator should still work, as far as I know. (It is documented
for both v2 and v3, so it should still work in both versions of the
engine.)

On the OWASP CRS side, we removed the configuration and integration
with Project Honeypot from the rule set in 2022. The reason for this
decision was that it was considered not to be part of the core CRS
functionality.

In preparation for the v4.0.0 release, many pieces of non-core CRS
functionality were removed. Some of the removed non-core functionality
was moved into plugins. The Project Honeypot functionality was not
moved into a plugin, but there is still an issue open regarding this.
So far, this has not been done. It would require an interested party
with the necessary time in order to complete this work.
https://github.com/coreruleset/coreruleset/issues/2501

For full reference and more information, please see the following
GitHub issue comment: it conveniently links to each of the relevant
issues and PRs from a single place:
https://github.com/coreruleset/coreruleset/issues/3195#issuecomment-1507127952

Can I ask, what is your use case? Would you be interested in creating
a Project Honeypot / 'rbl' plugin for CRS?

I hope this information helps.

Thanks very much,
Andrew Howe

On Sat, 8 Mar 2025 at 07:02, 'Michael Bullut' via ModSecurity Core
Rule Set project <modsecurity-core...@owasp.org> wrote:
>