[Owasp-modsecurity-core-rule-set] Using 3.0 ruleset

kause lotski kauselot at yahoo.com
Wed Sep 16 08:24:11 UTC 2015

I was referring to this file https://github.com/SpiderLabs/owasp-modsecurity-crs/blob/v3.0.0-dev/INSTALL which mentions directories that don't exist in 3.0 branch (base_rules, experimental_rules etc ) - is it safe to presume rules directory is the same as base_rules in 2.x ?
Problem I hope to be at least somehow better ( I got this impression by reading tickets on github
) in 3.0 is that with 2.2.9 I basically need to disable most sql injection rules for any form field with user generated content (text fields, textareas etc) as this rules get triggered by UTF-8 encoded characters from Latin Extended-A - Wikipedia, the free encyclopedia subset.

|   |
|   |   |   |   |   |
| Latin Extended-A - Wikipedia, the free encyclopediaLatin Extended-A is a block of the Unicode Standard. |
|  |
| View on en.wikipedia.org | Preview by Yahoo |
|  |
|   |

     From: Chaim Sanders <CSanders at trustwave.com>
 To: kause lotski <kauselot at yahoo.com>; "owasp-modsecurity-core-rule-set at lists.owasp.org" <owasp-modsecurity-core-rule-set at lists.owasp.org> 
 Sent: Tuesday, September 15, 2015 7:44 PM
 Subject: Re: [Owasp-modsecurity-core-rule-set] Using 3.0 ruleset
The installation instructions are exactly identical, simply drop the folder structure in an area readable by your web server, include the .conf files from httpd.conf or equivalent, and go through the recommended configuration file and configure your options. At this point in fact 3.0 is by a large margin the preferred ruleset as far as OWASP CRS is concerned. We have hesitated to push 3.0 to main branch for two reasons right now… 1) is that it requires 2.8 or greater in order to run (thanks to things like @detectxss)(only recently has 2.8 become available in things like yum/apt-get repos) and two it has known high(but less high then 2.x) false positives rate for SQL injection. We want to address these false positives before we push it to the master branch. Does that answer your questions?

From: <owasp-modsecurity-core-rule-set-bounces at lists.owasp.org> on behalf of kause lotski <kauselot at yahoo.com>
Reply-To: kause lotski <kauselot at yahoo.com>
Date: Monday, September 14, 2015 at 2:19 PM
To: "owasp-modsecurity-core-rule-set at lists.owasp.org" <owasp-modsecurity-core-rule-set at lists.owasp.org>
Subject: [Owasp-modsecurity-core-rule-set] Using 3.0 ruleset

as it seems 3.0 greatly improves extended character sets in unicode handling (false positives due to this characters), I would like to give it a try. But as structure has totally changed INSTALL instructions aren't correct anymore in 3.0 branch, can someone give me a quick guide? is there any ETA for 3.0 ?


This transmission may contain information that is privileged, confidential, and/or exempt from disclosure under applicable law. If you are not the intended recipient, you are hereby notified that any disclosure, copying, distribution, or use of the information contained herein (including any reliance thereon) is strictly prohibited. If you received this transmission in error, please immediately contact the sender and destroy the material in its entirety, whether in electronic or hard copy format.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-modsecurity-core-rule-set/attachments/20150916/97436f67/attachment-0001.html>

More information about the Owasp-modsecurity-core-rule-set mailing list