[Owasp-modsecurity-core-rule-set] A Recommended Base Configuration
RBarnett at trustwave.com
Fri Apr 1 11:34:24 EDT 2011
One more note I should have included – in order to make this process sane, we will assume that no email response means you are in agreement. Speak up if you feel as though the recommended configuration setting is not the best and why.
From: Ryan Barnett <rbarnett at trustwave.com>
Date: Fri, 1 Apr 2011 10:28:24 -0500
To: mod-security-users at lists.sourceforge.net
Cc: owasp-modsecurity-core-rule-set at lists.owasp.org
Subject: A Recommended Base Configuration
There have been a number of past email threads discussing the need for a recommended "base configuration" for ModSecurity configuration directives. These are settings that the local Admin uses to control the overall settings of ModSecurity (rule and audit engine, log file locations, whether to inspect request/response bodies, etc…). These are configurations that should not be included within 3rd party rule sets (such as the OWASP ModSecurity CRS).
We have taken the main.conf file recommended by Ivan Ristic in this thread (https://lists.owasp.org/pipermail/owasp-modsecurity-core-rule-set/2009-August/000052.html) and added it to the Reference Manual Wiki -
In order to have easier tracking, I will be sending out individual emails with the directive name in the subject line so that we can openly discuss what the community believes should be the recommended initial configuration. Based on the results, we will update the wiki and include this file within the upcoming ModSecurity 2.6 release.
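As an added illustration (not the main.conf from the wiki thread, whose per-directive values are exactly what the follow-up emails are meant to settle), here is the kind of admin-owned base configuration the post describes, with the CRS rule files pulled in separately so that engine-level settings never live inside the rule set. File paths, body-size limits and the Include location are assumed placeholders.

```apache
# Local base configuration (illustration only; paths and limits are assumptions).
# Rule engine: start in DetectionOnly while tuning, switch to On once false
# positives have been handled. Never let a third-party rule file set this.
SecRuleEngine DetectionOnly

# Request/response body inspection. Response bodies are opt-in by MIME type
# and capped so that large downloads are not buffered in full.
SecRequestBodyAccess On
SecRequestBodyLimit 13107200
SecRequestBodyNoFilesLimit 131072
SecRequestBodyInMemoryLimit 131072
SecResponseBodyAccess On
SecResponseBodyMimeType text/plain text/html text/xml
SecResponseBodyLimit 524288
SecResponseBodyLimitAction ProcessPartial

# Audit engine and log locations: record only relevant transactions
# (5xx responses and 4xx responses other than 404), in a single serial file.
SecAuditEngine RelevantOnly
SecAuditLogRelevantStatus "^(?:5|4(?!04))"
SecAuditLogParts ABIJDEFHZ
SecAuditLogType Serial
SecAuditLog /var/log/httpd/modsec_audit.log

# Debug log configured but silent in production; scratch and persistent
# storage directories for the engine (assumed paths).
SecDebugLog /var/log/httpd/modsec_debug.log
SecDebugLogLevel 0
SecTmpDir /var/lib/mod_security/tmp
SecDataDir /var/lib/mod_security/data

# Third-party rule sets are loaded after the base settings and must not
# repeat any of the directives above.
Include conf/modsecurity/crs/*.conf
```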