[Owasp-modsecurity-core-rule-set] CRS Paranoia Mode: Let's get going

Chaim Sanders CSanders at trustwave.com
Wed Jan 13 17:27:32 UTC 2016


Hey guys,
The rule renumbering script (available in the repo at
https://github.com/SpiderLabs/owasp-modsecurity-crs/tree/v3.0.0-rc1/id_renumbering)
takes in a CSV that breaks down the changes in rule numbers. One
can use that to easily change numbering. The goal, though, was that if you
set up CRS correctly, you would only have to fix your exceptions file
after updating :)

On 1/13/16, 4:42 AM,
"owasp-modsecurity-core-rule-set-bounces at lists.owasp.org on behalf of Leos
Rivas Manuel" <owasp-modsecurity-core-rule-set-bounces at lists.owasp.org on
behalf of Manuel.LeosRivas at gemalto.com> wrote:

>Hello list,
>
>For upgrading from CRS 2.2.9 to 3.0 RC1 there is an update.py script to
>renumber the rules, does it include all rule id changes already?
>
>If so just for comparison purposes running the script against the 2.2.9
>CRS will update the id numbers to match those in 3.0RC1, am I right?
>
>I'm working on doing a comparison of both rulesets to see what the
>differences are.
>
>Regards,
>Manuel
>
>-----Original Message-----
>From: Christian Folini [mailto:christian.folini at netnea.com]
>Sent: vendredi 8 janvier 2016 18:12
>To: Leos Rivas Manuel
>Subject: Re: CRS Paranoia Mode: Let's get going
>
>Hello Leos,
>
>I knew Chaim planned to do a re-numbering, but he was faster than I
>anticipated.
>
>If you do not mind, then let's discuss this on the mailing list.
>Ask the question there and we'll see if Chaim or the others have anything to
>add. I had two people thinking about hooking up last night...
>
>Ahoj,
>
>Christian
>
>--
>In war you will generally find that the enemy has at any time three
>courses of action open to him. Of those three, he will invariably choose
>the fourth.
>-- Helmuth Von Moltke

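An added example, not part of the thread and not the project's update.py: it remaps the rule IDs referenced in a local exceptions file from an old-to-new ID CSV, which is the post-upgrade fix the reply above describes. The two-column `old_id,new_id` layout, the function names and every rule ID are assumptions constructed for illustration; ID ranges and IDs without a mapping are reported for manual review instead of being rewritten.

```python
import csv, io, re

# Constructed mapping in an assumed two-column layout: old_id,new_id
SAMPLE_CSV = "old,new\n111111,900001\n111112,900002\n"
# Constructed exceptions file; the rule IDs are placeholders, not real CRS IDs
SAMPLE_EXCEPTIONS = '''\
SecRuleRemoveById 111111
SecRuleUpdateTargetById 111112 "!ARGS:comment"
SecRule REQUEST_URI "@beginsWith /api" "id:10001,phase:1,pass,nolog,ctl:ruleRemoveById=111111"
SecRuleRemoveById 222222
SecRuleRemoveById 111111-111112
'''

REMOVE = re.compile(r'^(\s*SecRuleRemoveById\s+)(.*)$', re.I)
TARGET = re.compile(r'^(\s*SecRuleUpdateTargetById\s+)(\S+)(.*)$', re.I)
CTL = re.compile(r'(ctl:ruleRemove(?:Target)?ById=)(\d+(?:-\d+)?)', re.I)
TOKEN = re.compile(r'\d+(?:-\d+)?')  # a single ID or an ID range

def load_mapping(csv_text):
    """Return {old_id: new_id}; header and malformed rows are skipped."""
    rows = csv.reader(io.StringIO(csv_text))
    return {r[0].strip(): r[1].strip() for r in rows
            if len(r) >= 2 and r[0].strip().isdigit() and r[1].strip().isdigit()}

def remap_exceptions(text, mapping):
    """Rewrite rule IDs referenced by exclusions; return (new_text, warnings)."""
    warnings, out = [], []
    def swap(tok, lineno):
        if "-" in tok:  # new IDs need not be contiguous, so never rewrite a range
            warnings.append((lineno, tok, "range, expand by hand"))
        elif tok not in mapping:
            warnings.append((lineno, tok, "no mapping, exclusion may be stale"))
        return mapping.get(tok, tok)
    for n, line in enumerate(text.splitlines(), 1):
        if not line.lstrip().startswith("#"):
            fix = lambda m, n=n: swap(m.group(0), n)
            # Every argument of SecRuleRemoveById is an ID or a range
            line = REMOVE.sub(lambda m: m.group(1) + TOKEN.sub(fix, m.group(2)), line)
            # Only the first argument of SecRuleUpdateTargetById is an ID
            line = TARGET.sub(lambda m: m.group(1) + TOKEN.sub(fix, m.group(2)) + m.group(3), line)
            # ctl actions inside custom rules; the rule's own id: is left alone
            line = CTL.sub(lambda m: m.group(1) + TOKEN.sub(fix, m.group(2)), line)
        out.append(line)
    return "\n".join(out) + "\n", warnings

if __name__ == "__main__":
    new_text, warns = remap_exceptions(SAMPLE_EXCEPTIONS, load_mapping(SAMPLE_CSV))
    print(new_text)
    for lineno, tok, why in warns:
        print(f"line {lineno}: {tok}: {why}")
```

Each warning marks an exclusion that would no longer point at the rule it was written for after the upgrade, so it needs a manual decision before the new rule set goes live.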
