[Owasp-modsecurity-core-rule-set] CRS Directory Format Question
Ryan Barnett
RBarnett at trustwave.com
Tue Apr 12 10:57:24 EDT 2011
The current OWASP CRS archive has a number of directories that hold different rules -
* base_rules
* optional_rules
* slr_rules
* experimental_rules
I am thinking that most ModSecurity users want to use Apache Include wild-carding when activating rulesets -
<IfModule security2_module>
Include conf/modsecurity_crs/*.conf
Include conf/modsecurity_crs/base_rules/*.conf
</IfModule>
While this is certainly convenient, this does cause a problem. The various rules files have a numbering scheme whose purpose is to help ensure that the rules files are executed in the proper order when wild-carding with includes. Activating these rules is challenging when separated into the different directories.
<IfModule security2_module>
Include conf/modsecurity_crs/*.conf
Include conf/modsecurity_crs/base_rules/*.conf
Include conf/modsecurity_crs/optional_rules/*.conf
</IfModule>
So, what I am thinking is that we should add an empty directory called -
* activated_rules
The sole purpose of this directory would be for the local Admin to copy all files that they want to run into that one directory. When they do this, then the file name numbering scheme will work and it will allow for easier Include wild-carding -
<IfModule security2_module>
Include conf/modsecurity_crs/*.conf
Include conf/modsecurity_crs/activated_rules/*.conf
</IfModule>
How does this approach sound to everyone?
-Ryan
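
The ordering problem raised in the message above, as an added example that is not part of the original post or of the CRS distribution: it models Apache's wildcard Include (matches are read in alphabetical order, one Include line at a time) with shell globbing and compares per-directory includes against a single activated_rules directory. The file names and the helper names `load_order` and `activate` are constructed for illustration.

```shell
#!/bin/sh
# Constructed file names; these are not the real CRS file list.
LC_ALL=C; export LC_ALL   # byte-order globbing, so the result is deterministic

# Print basenames in the order a sequence of "Include <dir>/*.conf" lines
# would read them: directories in the order given, files alphabetically.
load_order() {
    for dir in "$@"; do
        for f in "$dir"/*.conf; do
            if [ -e "$f" ]; then basename "$f"; fi
        done
    done | tr '\n' ' ' | sed 's/ $//'
}

# Copy the chosen rule files into one directory, as the post proposes.
activate() {
    dest=$1; shift
    mkdir -p "$dest"
    for f in "$@"; do cp "$f" "$dest/"; done
}

# Build a throwaway tree with numbered files spread over two directories.
crs=$(mktemp -d)
mkdir -p "$crs/base_rules" "$crs/optional_rules"
for n in 20_base_a 49_base_b 60_base_c; do
    : > "$crs/base_rules/example_crs_$n.conf"
done
for n in 10_opt_a 42_opt_b; do
    : > "$crs/optional_rules/example_crs_$n.conf"
done

# Two Include lines: every base file is read before any optional file,
# so the file numbered 10 ends up after the file numbered 60.
split_order=$(load_order "$crs/base_rules" "$crs/optional_rules")

# One Include line over activated_rules: the numbering alone decides.
activate "$crs/activated_rules" \
    "$crs"/base_rules/*.conf "$crs"/optional_rules/*.conf
merged_order=$(load_order "$crs/activated_rules")

echo "per-directory includes: $split_order"
echo "activated_rules only:   $merged_order"
rm -rf "$crs"
```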