[Owasp-modsecurity-core-rule-set] Initial report

Christian Folini christian.folini at netnea.com
Sat Aug 20 03:23:07 UTC 2016


Hi Bill,

On Fri, Aug 19, 2016 at 06:05:50PM -0500, Bill Miller wrote:
> I was able to install CRS 3.0 on my Ubuntu Apache 2.4 system.

Cool. Thanks for reporting.

> After a few hours of troubleshooting, I have all the REQUESTs
> working successfully except REQUEST-920-PROTOCOL-ENFORCEMENT.conf
> and RESPONSE-950-DATA-LEAKAGES.conf.  They are causing Modsecurity
> to throw syntax errors of the form "Found another rule with the same
> id".  The rules in question are 920011 and 950020.
> ...
> Since I am still running CRS 2.9, that may be where the conflict is.

These are rules from the optional_rules folder of CRS 2.2.x.

The CRS3 INSTALL file warns against parallel installations. However,
we support parallel installations with the base_rules of CRS2, but
not with any additional optional_rules and experimental_rules. slr_rules
would work though.

Once you remove the said rules from your old rules files, the
parallel install should work.

For a smoother transition, the official stance is to remove all
the CRS2 rules before you deploy CRS3.

Cheers,

Christian


-- 
History teaches us that men and nations behave wisely once they have
exhausted all other alternatives.
-- Abba Eban
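
Added example, not part of the original message or of the CRS project: a small Python check that lists rule ids defined more than once across a set of ModSecurity rule files, which is the condition behind the "Found another rule with the same id" error discussed above. The rule bodies and the CRS2 file name in the sample are constructed; only the id 920011 and the CRS3 file name come from the thread.

```python
import re, sys
from collections import defaultdict
from pathlib import Path

ID_RE = re.compile(r"\bid\s*:\s*'?(\d+)'?")      # id:920011 or id:'920011'
QUOTED_RE = re.compile(r'"((?:[^"\\]|\\.)*)"')   # double-quoted directive arguments

def logical_lines(text):
    """Yield directives with backslash continuations joined, comments skipped."""
    buf = ""
    for raw in text.splitlines():
        line = raw.strip()
        if not buf and line.startswith("#"):
            continue
        if line.endswith("\\"):
            buf += line[:-1] + " "
            continue
        buf += line
        if buf.strip():
            yield buf.strip()
        buf = ""

def rule_ids(text):
    """Return ids found in the action list (last quoted argument) of SecRule/SecAction."""
    ids = []
    for line in logical_lines(text):
        args = QUOTED_RE.findall(line)
        # Exact directive match, so SecRuleRemoveById and friends are ignored.
        if line.split(None, 1)[0] in ("SecRule", "SecAction") and args:
            ids += [int(n) for n in ID_RE.findall(args[-1])]
    return ids

def find_duplicates(files):
    """files maps a file name to its text; returns {id: [files defining it]}."""
    seen = defaultdict(list)
    for name, text in files.items():
        for rid in rule_ids(text):
            seen[rid].append(name)
    return {rid: names for rid, names in seen.items() if len(names) > 1}

# Constructed sample: rule bodies and the CRS2 file name are made up.
SAMPLE = {
    "REQUEST-920-PROTOCOL-ENFORCEMENT.conf": r'''
SecRule REQUEST_LINE "@rx ^$" \
    "id:920011,\
    phase:1,pass,nolog"
''',
    "crs2-optional-example.conf": r'''
SecAction "phase:1,id:'920011',pass,nolog"
SecRule ARGS "@contains id:5" "phase:2,id:'999001',pass,nolog"
''',
}

if __name__ == "__main__":
    files = {p: Path(p).read_text(errors="replace") for p in sys.argv[1:]} or SAMPLE
    for rid, names in sorted(find_duplicates(files).items()):
        print(f"duplicate id {rid}: {', '.join(names)}")
```

Run it with the old and new rule files as arguments before enabling both rule sets; with no arguments it runs on the constructed sample.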

