[Owasp-modsecurity-core-rule-set] New CRS v2.0.9 Released in SVN

Ryan Barnett RBarnett at trustwave.com
Fri Oct 29 15:37:29 EDT 2010


On 10/29/10 3:28 PM, "George Notaras" <gnot at g-loaded.eu> wrote:

> On 29/10/2010 21:48, Ryan Barnett wrote:
>> - Users can now more easily toggle between traditional/standard mode vs.
>> anomaly scoring mode
>>   by editing the modsecurity_crs_10_config.conf file
> 
> Hello list,
> 
> This is the first time I post to this mailing list, so I'd like to say
> thanks to all who have contributed to this project.
> 
> I have several questions about the ruleset, but, for now, reading about
> this new feature I'd like to ask whether toggling to standard mode also
> reverts logging back to the mod-security default, which records every
> message to the apache's error_log using the old format.
> 
> Thanks in advance.

Good question and the answer is yes.  In the 10 config file, you can edit
the SecDefaultAction setting to suit your needs -

# You can also decide how you want to handle logging actions.  You have
three options -
#
#       - To log to both the Apache error_log and ModSecurity audit_log file
use - log
#       - To log *only* to the ModSecurity audit_log file use -
nolog,auditlog
#       - To log *only* to the Apache error_log file use - log,noauditlog
#
SecDefaultAction "phase:2,pass,nolog,auditlog"





More information about the Owasp-modsecurity-core-rule-set mailing list