[Owasp-modsecurity-core-rule-set] Need Help for Mod security

Joshua Roback jroback at gmail.com
Tue Jul 14 13:26:00 UTC 2015

1) Typically open source rules are updated along with new ModSecurity
releases.  There isn't really a need to update as frequently as an IDS
since the scope of detection requirements for a WAF is much smaller.

2) Spent time looking at the rules to get a feel for the format and the
purpose and then buy
The Web Application Defender's Cookbook -

3) Don't know about this.  I use a proprietary application.

On Tue, Jul 14, 2015 at 7:49 AM Rishi nand <aadimanavtest at gmail.com> wrote:

> Hi There
> I am new to modsecurity and want to try in our organization, but came
> across few doubts. I will be glad if any body can clear them
> 1. OWASP modsecurity CRS : are these rules update daily (like snort rules,
> If so how to update). or how often they will update, In that case how to
> update them.
> 2. if i want to write my own custom rules how can i proceed :- where to
> create file and in which directory, Can i write all the rules in one file
> or a separate rule for each file
> 3. any recommended UI for modsecurity
> Thanks in advance
> --
> Cheer's
> Nand
>  _______________________________________________
> Owasp-modsecurity-core-rule-set mailing list
> Owasp-modsecurity-core-rule-set at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-modsecurity-core-rule-set
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-modsecurity-core-rule-set/attachments/20150714/cbd2f667/attachment.html>

More information about the Owasp-modsecurity-core-rule-set mailing list