[Owasp-modsecurity-core-rule-set] Initial report

Christian Folini christian.folini at netnea.com
Sun Aug 21 07:53:32 UTC 2016


On Sat, Aug 20, 2016 at 05:00:29PM -0500, Bill Miller wrote:
> Conflicts were with optional rules in CRS2.9, all resolved.
> 
> Ran CRS3 for 24 hours on virtual machine with no problems.
> 
> Just moved to production server to continue testing.

Cool. Glad to hear it worked. Please keep up posted how you fare in
prod. That fact you are (if I dare say) - _not_ a ModSec expert makes 
your reports all the more valuable.

Ahoj,

Christian


> 
> On 08/19/2016 06:05 PM, Bill Miller wrote:
> >I was able to install CRS 3.0 on my Ubuntu Apache 2.4 system.
> >
> >After a few hours of troubleshooting, I have all the REQUESTs
> >working successfully except REQUEST-920-PROTOCOL-ENFORCEMENT.conf
> >and RESPONSE-950-DATA-LEAKAGES.conf.  They are causing Modsecurity
> >to throw syntax errors of the form "Found another rule with the
> >same id".  The rules in question are 920011 and 950020.
> >
> >This is early info and I've done no additional troubleshooting.
> >Since I am still running CRS 2.9, that may be where the conflict
> >is.  Or some other configuration problem on my side.
> >
> >Cheers,
> >Bill
> >_______________________________________________
> >Owasp-modsecurity-core-rule-set mailing list
> >Owasp-modsecurity-core-rule-set at lists.owasp.org
> >https://lists.owasp.org/mailman/listinfo/owasp-modsecurity-core-rule-set
> >
> 
> _______________________________________________
> Owasp-modsecurity-core-rule-set mailing list
> Owasp-modsecurity-core-rule-set at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-modsecurity-core-rule-set

-- 
https://www.feistyduck.com/training/modsecurity-training-course
mailto:christian.folini at netnea.com
twitter: @ChrFolini


More information about the Owasp-modsecurity-core-rule-set mailing list