[Owasp-modsecurity-core-rule-set] Lots of troubles with rules and shared hosting

turgut kalfaoğlu turgut at kalfaoglu.com
Mon Jan 11 15:24:31 EST 2010


I recently upgraded the modsecurity 2.something to the latest version.

But these two rulesets are giving me a lot of headaches:

modsecurity_crs_41_phpids_converter.conf
modsecurity_crs_41_phpids_filters.conf

For example, a plain HTML web site, but the JPG files are oddly named:
http://www.learningpracticalturkish.com/yasemin-unlu--movie-cover--koylu-kizi150x147.jpg 


Dumps over a page of "Messages:" in the audit file, talking about 
probably a dozen rules or so that are broken.

The following dynamic site is likewise:
http://noroloji.biz/index.php?option=com_content&view=article&id=46&Itemid=97 

... belches pages and pages of code, even at debug level 3.

The web server has over 300 hostings - Joomla, PhpNuke, Wordpress, 
homebrew, and plain HTML.

I spent two whole days editing out the core rules, but finally had to 
give up on the "phpids" rulesets altogether.

Was there a better way?

Thanks!
  -turgut
