[Owasp-modsecurity-core-rule-set] Inconsistent Anomaly scoring in modsecurity_crs_41_sql_injection_attacks.conf

David Sinclair dbsinclair at multiservice.com
Mon Jan 9 17:26:10 UTC 2012


David Sinclair <dbsinclair at ...> writes:



I went back to the modsecurity dashboard and did some research on the PHPIDS
rules and discovered this is not a new issue.  I do think it needs to be
reconsidered.  All of the rules in the section are severity 2, Critical and
anomaly score 5, but have score values ranging from 3 to 7.  Having the values
hard coded and on a different severity scale makes using anomaly scoring a bit
difficult.  Am considering raising the tx.critical_anomaly_score and etc to
higher values to be on a similar scale and similarly increasing the inbound
anomaly score threshold.



More information about the Owasp-modsecurity-core-rule-set mailing list