[Owasp-modsecurity-core-rule-set] Basic questions; Anomaly Scoring & id's
benwilliams+owasp at joobworld.com
Wed Nov 21 22:34:22 UTC 2012
It's because modsecurity 2.7 requires id on each rule but the CRS don't
have ids on every rule. I'm unaware of a convention for choosing rule
numbers, maybe just choose any id number that is not currently used.
On Mon, Nov 19, 2012 at 1:29 AM, Gene <gnets1 at yahoo.co.uk> wrote:
> I'm trying out current OWASP core rule set and have some basic questions
> first (no doubt lots more later!)
> This article from 2010 about 'Anomaly Scoring' is referenced quite a lot:
> in the article there are references to 'Anomaly Scoring' and to examples
> But in the 10_conf.example file things seem to have shifted somewhat in 2
> So am I correct that:
> 'Anomaly Scoring' has now become 'Collaborative Detection Scoring'
> Also in that article it mentions unblocking a rule at end of
> However doing that results in this error:
> 'Starting httpd: Syntax error on line 34 of
> 'ModSecurity: No action id present within the rule'
> I'm pretty sure I read that all rules now require an 'id' (?)
> Incrementing by 1 from rules above it to give id:981177 doesnt work:
> 'ModSecurity: Found another rule with the same id'
> So what is method to get an id for this rule? any other rule?
> Owasp-modsecurity-core-rule-set mailing list
> Owasp-modsecurity-core-rule-set at lists.owasp.org
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Owasp-modsecurity-core-rule-set