[Owasp-modsecurity-core-rule-set] ARGS against PUT

Chaim Sanders CSanders at trustwave.com
Tue Mar 8 05:14:28 UTC 2016

The CRS project has always been in a somewhat continuos development model.
In general this becomes very problematic as the team does not package the
software for different distro¹s. If you would like to see CRS updated in
your distro, please do encourage the packager to upgrade. As a rule of
thumb starting with 3.0 (Which is forthcoming) we will try to provide more
solid versioning.

On 3/7/16, 5:26 PM,
"owasp-modsecurity-core-rule-set-bounces at lists.owasp.org on behalf of
Brian Davis (bridavis)"
<owasp-modsecurity-core-rule-set-bounces at lists.owasp.org on behalf of
bridavis at cisco.com> wrote:

>Thanks, Athmane.
>One question, what is mod_security_crs package at 2.2.6 while the Git repo
>is at 2.2.9?
>On 3/7/16, 7:00 AM,
>"owasp-modsecurity-core-rule-set-bounces at lists.owasp.org on behalf of
>owasp-modsecurity-core-rule-set-request at lists.owasp.org"
><owasp-modsecurity-core-rule-set-bounces at lists.owasp.org on behalf of
>owasp-modsecurity-core-rule-set-request at lists.owasp.org> wrote:
>>Send Owasp-modsecurity-core-rule-set mailing list submissions to
>>      owasp-modsecurity-core-rule-set at lists.owasp.org
>>To subscribe or unsubscribe via the World Wide Web, visit
>>      http://scanmail.trustwave.com/?c=4062&d=44be1sNUaV9vNA9G3yRDc8FWV2nKlV1_
>>or, via email, send a message with subject or body 'help' to
>>      owasp-modsecurity-core-rule-set-request at lists.owasp.org
>>You can reach the person managing the list at
>>      owasp-modsecurity-core-rule-set-owner at lists.owasp.org
>>When replying, please edit your Subject line so it is more specific
>>than "Re: Contents of Owasp-modsecurity-core-rule-set digest..."
>>Today's Topics:
>>   1. Re: ARGS against PUT (was Re: Owasp-modsecurity-core-rule-set
>>      Digest, Vol 83, Issue 8) (Athmane Madjoudj)
>>Message: 1
>>Date: Sun, 6 Mar 2016 22:48:25 +0100
>>From: Athmane Madjoudj <athmane at fedoraproject.org>
>>To: "Brian Davis (bridavis)" <bridavis at cisco.com>
>>Cc: "owasp-modsecurity-core-rule-set at lists.owasp.org"
>>      <owasp-modsecurity-core-rule-set at lists.owasp.org>
>>Subject: Re: [Owasp-modsecurity-core-rule-set] ARGS against PUT (was
>>      Re: Owasp-modsecurity-core-rule-set Digest, Vol 83, Issue 8)
>>      <CAOV0wtPOyr-mmufVUxPBUHo-Kqe_rxoTxq2Hegg7X7tnRTOFLQ at mail.gmail.com>
>>Content-Type: text/plain; charset=UTF-8
>>Hi Brian,
>>On Sun, Mar 6, 2016 at 4:49 PM, Brian Davis (bridavis)
>><bridavis at cisco.com> wrote:
>>> (For some reason I didn?t get the direct email response.)
>>> After doing some more research, I think it?s relates to the fact that
>>> <script> is in a JSON payload, and it turns out I?m not running a
>>> enough version of mod security which supports JSON parsing. CentOS 7.1
>>> only packaging 2.7.3, where as JSON parser comes in 2.8.
>>> I?m working on manually upgrading and trying again to see if that
>>You may use this repo which is the same package version as Fedora
>>development branch.
>>Best regards.
>>- Athmane
>>Owasp-modsecurity-core-rule-set mailing list
>>Owasp-modsecurity-core-rule-set at lists.owasp.org
>>End of Owasp-modsecurity-core-rule-set Digest, Vol 83, Issue 14
>Owasp-modsecurity-core-rule-set mailing list
>Owasp-modsecurity-core-rule-set at lists.owasp.org


This transmission may contain information that is privileged, confidential, and/or exempt from disclosure under applicable law. If you are not the intended recipient, you are hereby notified that any disclosure, copying, distribution, or use of the information contained herein (including any reliance thereon) is strictly prohibited. If you received this transmission in error, please immediately contact the sender and destroy the material in its entirety, whether in electronic or hard copy format.

More information about the Owasp-modsecurity-core-rule-set mailing list