[Owasp-modsecurity-core-rule-set] New CRS v2.0.9 Released in SVN
RBarnett at trustwave.com
Fri Oct 29 14:48:31 EDT 2010
I wanted to let you all know that a new CRS v2.0.9 is up in SVN.
Version 2.0.9 - 10/18/2010
- Users can now more easily toggle between traditional/standard mode vs. anomaly scoring mode
by editing the modsecurity_crs_10_config.conf file
- Updated the disruptive actions in most rules to use "block" action instead of "pass". This
is to allow for the toggling between traditional vs. anomaly scoring modes.
- Removed logging actions from most rules so that it can be controlled from the SecDefaultAction
setting in the modsecurity_crs_10_config.conf file
- Updated the anomaly scores in the modsecurity_crs_10_config.conf file to more closely match
what is used in the PHPIDS rules. These still have the same factor of severity even though
the numbers themselves are smaller.
- Updated the TAG data to further classify attack/vuln categories.
- Updated the SQL Injection filters to detect more boolean logic attacks
- Fixed restricted file extension bug with macro expansion
One of the big changes is that we are trying to make it easier for users to be able to switch back/forth between Anomaly Scoring and Standard operating modes. You can now control this from within the modsecurity_crs_10_config.conf file.
I would like to get some feedback on these changes before creating a complete TAR/GZ archive.
More information about the Owasp-modsecurity-core-rule-set