[Owasp-modsecurity-core-rule-set] Using 3.0 ruleset

Chaim Sanders CSanders at trustwave.com
Tue Sep 15 17:44:43 UTC 2015


The installation instructions are exactly identical, simply drop the folder structure in an area readable by your web server, include the .conf files from httpd.conf or equivalent, and go through the recommended configuration file and configure your options. At this point in fact 3.0 is by a large margin the preferred ruleset as far as OWASP CRS is concerned. We have hesitated to push 3.0 to main branch for two reasons right now... 1) is that it requires 2.8 or greater in order to run (thanks to things like @detectxss)(only recently has 2.8 become available in things like yum/apt-get repos) and two it has known high(but less high then 2.x) false positives rate for SQL injection. We want to address these false positives before we push it to the master branch. Does that answer your questions?

From: <owasp-modsecurity-core-rule-set-bounces at lists.owasp.org<mailto:owasp-modsecurity-core-rule-set-bounces at lists.owasp.org>> on behalf of kause lotski <kauselot at yahoo.com<mailto:kauselot at yahoo.com>>
Reply-To: kause lotski <kauselot at yahoo.com<mailto:kauselot at yahoo.com>>
Date: Monday, September 14, 2015 at 2:19 PM
To: "owasp-modsecurity-core-rule-set at lists.owasp.org<mailto:owasp-modsecurity-core-rule-set at lists.owasp.org>" <owasp-modsecurity-core-rule-set at lists.owasp.org<mailto:owasp-modsecurity-core-rule-set at lists.owasp.org>>
Subject: [Owasp-modsecurity-core-rule-set] Using 3.0 ruleset

Hi,

as it seems 3.0 greatly improves extended character sets in unicode handling (false positives due to this characters), I would like to give it a try. But as structure has totally changed INSTALL instructions aren't correct anymore in 3.0 branch, can someone give me a quick guide? is there any ETA for 3.0 ?

Regards,
Kause

________________________________

This transmission may contain information that is privileged, confidential, and/or exempt from disclosure under applicable law. If you are not the intended recipient, you are hereby notified that any disclosure, copying, distribution, or use of the information contained herein (including any reliance thereon) is strictly prohibited. If you received this transmission in error, please immediately contact the sender and destroy the material in its entirety, whether in electronic or hard copy format.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-modsecurity-core-rule-set/attachments/20150915/4abc72e0/attachment.html>


More information about the Owasp-modsecurity-core-rule-set mailing list