[Owasp-modsecurity-core-rule-set] New CRS v2.0.9 Released in SVN
RBarnett at trustwave.com
Fri Oct 29 15:37:29 EDT 2010
On 10/29/10 3:28 PM, "George Notaras" <gnot at g-loaded.eu> wrote:
> On 29/10/2010 21:48, Ryan Barnett wrote:
>> - Users can now more easily toggle between traditional/standard mode vs.
>> anomaly scoring mode
>> by editing the modsecurity_crs_10_config.conf file
> Hello list,
> This is the first time I post to this mailing list, so I'd like to say
> thanks to all who have contributed to this project.
> I have several questions about the ruleset, but, for now, reading about
> this new feature I'd like to ask whether toggling to standard mode also
> reverts logging back to the mod-security default, which records every
> message to the apache's error_log using the old format.
> Thanks in advance.
Good question and the answer is yes. In the 10 config file, you can edit
the SecDefaultAction setting to suit your needs -
# You can also decide how you want to handle logging actions. You have
three options -
# - To log to both the Apache error_log and ModSecurity audit_log file
use - log
# - To log *only* to the ModSecurity audit_log file use -
# - To log *only* to the Apache error_log file use - log,noauditlog
More information about the Owasp-modsecurity-core-rule-set