[Owasp-modsecurity-core-rule-set] Lots of troubles with rules and shared hosting
turgut at kalfaoglu.com
Mon Jan 11 15:24:31 EST 2010
I recently upgraded the modsecurity 2.something to the latest version.
But these two rulesets are giving me much headache:
For example, a plain HTML web site, but the JPG files are oddly named:
Dumps over a page of "Messages:" in the audit file, talking about
probably a dozen rules or so that are broken.
The following dynamic site, is likewise:
... belches pages and pages of code, even at debug level 3.
The web server has over 300 hostings - Joomla, PhpNuke, Wordpress,
homebrew, and plain HTML.
I spent two whole days editing out the core rules, but finally had to
give up on the "phpids" rulesets altogether.
Was there a better way?
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Owasp-modsecurity-core-rule-set