[Owasp-modsecurity-core-rule-set] Lots of troubles with rules and shared hosting

turgut kalfaoğlu turgut at kalfaoglu.com
Mon Jan 11 15:24:31 EST 2010

I recently upgraded the modsecurity 2.something to the latest version.

But these two rulesets are giving me much headache:


For example, a plain HTML web site, but the JPG files are oddly named:

Dumps over a page of "Messages:" in the audit file, talking about 
probably a dozen rules or so that are broken.

The following dynamic site, is likewise:

... belches pages and pages of code, even at debug level 3.

The web server has over 300 hostings - Joomla, PhpNuke, Wordpress, 
homebrew, and plain HTML.

I spent two whole days editing out the core rules, but finally had to 
give up on the "phpids" rulesets altogether.

Was there a better way?


-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://lists.owasp.org/pipermail/owasp-modsecurity-core-rule-set/attachments/20100111/08f4c9e3/attachment.html 

More information about the Owasp-modsecurity-core-rule-set mailing list