[Owasp-modsecurity-core-rule-set] Initial report

Christian Folini christian.folini at netnea.com
Sat Aug 20 03:23:07 UTC 2016

Hi Bill,

On Fri, Aug 19, 2016 at 06:05:50PM -0500, Bill Miller wrote:
> I was able to install CRS 3.0 on my Ubuntu Apache 2.4 system.

Cool. Thanks for reporting.

> After a few hours of troubleshooting, I have all the REQUESTs
> working successfully except REQUEST-920-PROTOCOL-ENFORCEMENT.conf
> and RESPONSE-950-DATA-LEAKAGES.conf.  They are causing ModSecurity
> to throw syntax errors of the form "Found another rule with the same
> id".  The rules in question are 920011 and 950020.
> ...
> Since I am still running CRS 2.9, that may be where the conflict is.

These are rules from the optional_rules folder of CRS 2.2.x.

The CRS3 INSTALL file warns against parallel installations. However,
we support parallel installations with the base_rules of CRS2, but
not with any additional optional_rules and experimental_rules. slr_rules
would work though.

Once you remove the said rules from your old rules files, the
parallel install should work.

For a smoother transition, the official stance is to remove all
the CRS2 rules before you deploy CRS3.



History teaches us that men and nations behave wisely once they have
exhausted all other alternatives.
-- Abba Eban
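
A check for the conflict discussed in this thread, as an added example that is not part of the original message or of the CRS project: it collects rule ids from a set of rule files and reports every id defined in more than one file, the condition behind "Found another rule with the same id". The rule bodies and the CRS2 file name in the sample are constructed; only the two ids and the CRS3 file names come from the thread.

```python
import re

# The id action follows the opening quote or a comma of a quoted action list,
# e.g. "id:920011,phase:2" or "phase:2,id:'920011'" (unquoted lists are not handled).
ID_RE = re.compile(r"""[",]\s*id:\s*['"]?(\d+)""")
DIRECTIVE_RE = re.compile(r"(SecRule|SecAction|SecRuleScript)\s")

def logical_lines(text):
    """Yield lines with backslash continuations joined and comment lines dropped."""
    buf = ""
    for raw in text.splitlines():
        line = raw.strip()
        if not buf and line.startswith("#"):
            continue
        if line.endswith("\\"):
            buf += line[:-1] + " "
        else:
            yield buf + line
            buf = ""

def rule_ids(text):
    """Return the rule ids defined in one rules file."""
    return [int(m) for line in logical_lines(text)
            if DIRECTIVE_RE.match(line) for m in ID_RE.findall(line)]

def duplicate_ids(files):
    """Map each id defined more than once to the files that define it."""
    seen = {}
    for name, text in files.items():
        for rid in rule_ids(text):
            seen.setdefault(rid, []).append(name)
    return {rid: names for rid, names in seen.items() if len(names) > 1}

# Constructed sample: ids are from the thread, rule bodies and CRS2 file name are made up.
SAMPLE = {
    "crs3/REQUEST-920-PROTOCOL-ENFORCEMENT.conf": r'''
SecRule REQUEST_LINE "@rx ^$" \
    "phase:2,\
    id:920011,pass"
''',
    "crs3/RESPONSE-950-DATA-LEAKAGES.conf":
        'SecRule RESPONSE_BODY "@contains x" "id:950020,phase:4,pass"\n',
    "crs2/optional_rules/constructed_example.conf": r'''
# SecRule ARGS "@rx w" "id:'111111',phase:2,pass"
SecRule ARGS "@rx y" "phase:2,id:'920011',pass"
SecRule ARGS "@rx z" "phase:4,pass,id:'950020'"
''',
}
print(duplicate_ids(SAMPLE))  # ids defined in more than one file
```

To run it against a real installation, build the `files` dict by reading every `.conf` file that the Apache configuration includes for ModSecurity.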
