[Owasp-modsecurity-core-rule-set] Help with Cole Rule Set

Josue Del Valle jodelvalle at gmail.com
Mon Aug 3 00:03:06 EDT 2009


I am new to mod_security and new to Apache.  I've been asked by my employer
to configure and secure an Apache server that will run on Windows.  I've
been reading about the Core Rules and understand that initially they should
be set to DetectOnly mode and that I should check my logs for false
positives before turning them on.  What I am not sure is what I will be
looking for in the logs.  The type of attacks or false positives blocks,
  How can I identify false positives?  For how long should I run it on
DetectOnly mode?  Bottom line, I will really appreciate if someone can point
me in the right direction.  Thanks in advance for your help.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://lists.owasp.org/pipermail/owasp-modsecurity-core-rule-set/attachments/20090803/72cc85a1/attachment.html 

More information about the Owasp-modsecurity-core-rule-set mailing list