[Owasp-modsecurity-core-rule-set] Suggestion about mixing rules with configuration

Ivan Ristic ivan.ristic at gmail.com
Sun Aug 16 05:45:03 EDT 2009

On Fri, Aug 14, 2009 at 10:22 PM, Ryan Barnett<ryan.barnett at breach.com> wrote:
> On Friday 14 August 2009 04:18:21 pm Ivan Ristic wrote:
>> Hi,
>> I've noticed that the new Core Rules have configuration bits in them
>> -- just like the previous version -- but I don't think that's the
>> right thing to do. I think most users will want to update their rules
>> regularly, but if the configuration bits are there they will be forced
>> to do the whole thing manually every time.
> What exactly do you mean by "configuration bits?"

I mean the contents of the modsecurity_crs_10_config.conf and
modsecurity_crs_10_global_config.conf. Those two belong to the main
ModSecurity distribution, rather than the rules.

Ivan Ristic
Security assessment of your SSL servers

More information about the Owasp-modsecurity-core-rule-set mailing list