[Owasp-modsecurity-core-rule-set] New CRS v2.0.9 Released in SVN

Ryan Barnett RBarnett at trustwave.com
Fri Oct 29 14:48:31 EDT 2010

I wanted to let you all know that a new CRS v2.0.9 is up in SVN.



Version 2.0.9 - 10/18/2010

- Users can now more easily toggle between traditional/standard mode vs. anomaly scoring mode
  by editing the modsecurity_crs_10_config.conf file
- Updated the disruptive actions in most rules to use "block" action instead of "pass".  This
  is to allow for the toggling between traditional vs. anomaly scoring modes.
- Removed logging actions from most rules so that it can be controlled from the SecDefaultAction
  setting in the modsecurity_crs_10_config.conf file
- Updated the anomaly scores in the modsecurity_crs_10_config.conf file to more closely match
  what is used in the PHPIDS rules.  These still have the same factor of severity even though
  the numbers themselves are smaller.
- Updated the TAG data to further classify attack/vuln categories.
- Updated the SQL Injection filters to detect more boolean logic attacks

Bug Fixes:
- Fixed restricted file extension bug with macro expansion

One of the big changes is that we are trying to make it easier for users to be able to switch back/forth between Anomaly Scoring and Standard operating modes.  You can now control this from within the modsecurity_crs_10_config.conf file.

I would like to get some feedback on these changes before creating a complete TAR/GZ archive.


More information about the Owasp-modsecurity-core-rule-set mailing list