[Owasp-modsecurity-core-rule-set] Initial report
christian.folini at netnea.com
Sun Aug 21 07:53:32 UTC 2016
On Sat, Aug 20, 2016 at 05:00:29PM -0500, Bill Miller wrote:
> Conflicts were with optional rules in CRS2.9, all resolved.
> Ran CRS3 for 24 hours on virtual machine with no problems.
> Just moved to production server to continue testing.
Cool. Glad to hear it worked. Please keep up posted how you fare in
prod. That fact you are (if I dare say) - _not_ a ModSec expert makes
your reports all the more valuable.
> On 08/19/2016 06:05 PM, Bill Miller wrote:
> >I was able to install CRS 3.0 on my Ubuntu Apache 2.4 system.
> >After a few hours of troubleshooting, I have all the REQUESTs
> >working successfully except REQUEST-920-PROTOCOL-ENFORCEMENT.conf
> >and RESPONSE-950-DATA-LEAKAGES.conf. They are causing Modsecurity
> >to throw syntax errors of the form "Found another rule with the
> >same id". The rules in question are 920011 and 950020.
> >This is early info and I've done no additional troubleshooting.
> >Since I am still running CRS 2.9, that may be where the conflict
> >is. Or some other configuration problem on my side.
> >Owasp-modsecurity-core-rule-set mailing list
> >Owasp-modsecurity-core-rule-set at lists.owasp.org
> Owasp-modsecurity-core-rule-set mailing list
> Owasp-modsecurity-core-rule-set at lists.owasp.org
mailto:christian.folini at netnea.com
More information about the Owasp-modsecurity-core-rule-set