[Owasp-modsecurity-core-rule-set] Logs and SecDataDir with 2.0.5 Rules
Ryan.Barnett at breach.com
Thu Mar 4 10:50:29 EST 2010
Brian Rectanus and I will get a new base Mod config soon and it will be in the Mod code archive (basically it will be an updated version of the minimal conf you mentioned).
I would suggest that you use the minimal conf, copy to something like modsecurity_crs_9_config.conf and add needed directives to it. Then make sure to call up this file first in your Apache Include directive.
Ryan C. Barnett
Director of Application Security Research
Breach Security, Inc.
Ryan.Barnett at Breach.com
----- Original Message -----
From: Timothy Legge <timlegge at gmail.com>
To: Ryan Barnett
Cc: owasp-modsecurity-core-rule-set at lists.owasp.org <owasp-modsecurity-core-rule-set at lists.owasp.org>
Sent: Thu Mar 04 10:44:49 2010
Subject: Re: [Owasp-modsecurity-core-rule-set] Logs and SecDataDir with 2.0.5 Rules
No, do not. I assume that most of the settings are in
modsecurity.conf-minimal but it still seems to miss the SecDataDir.
Is there a better base file to work from?
The change makes sense...
On Thu, Mar 4, 2010 at 11:34 AM, Ryan Barnett <Ryan.Barnett at breach.com> wrote:
> We got a lot of feedback that it would be better to remove the ModSecurity config directives from the CRS as most people will customize those settings for their env to control Mod. So in the current CRS we are trying to deal only with rule items.
> Do you have a separate base Mod config file?
> Ryan C. Barnett
> Director of Application Security Research
> Breach Security, Inc.
> Ryan.Barnett at Breach.com
> ----- Original Message -----
> From: owasp-modsecurity-core-rule-set-bounces at lists.owasp.org <owasp-modsecurity-core-rule-set-bounces at lists.owasp.org>
> To: owasp-modsecurity-core-rule-set at lists.owasp.org <owasp-modsecurity-core-rule-set at lists.owasp.org>
> Sent: Thu Mar 04 10:15:28 2010
> Subject: [Owasp-modsecurity-core-rule-set] Logs and SecDataDir with 2.0.5 Rules
> The 2.0.5 rules included with modsecurity-apache_2.5.12 seem to be
> causing me some problems. So far I have had to add the following to
> SecAuditLog /var/log/apache2/modsec_audit.log
> SecDebugLog /var/log/apache2/modsec_debug.log
> SecDataDir /var/log/apache2
> Unfortunately this continues to send logs to error.log instead of the
> modsec* logs.
> Have I missed something in the use of this rule set with 2.5.12?
> Owasp-modsecurity-core-rule-set mailing list
> Owasp-modsecurity-core-rule-set at lists.owasp.org
More information about the Owasp-modsecurity-core-rule-set