[Owasp-modsecurity-core-rule-set] From 2.2.X to 3.0.0 (was: Re: Owasp-modsecurity-core-rule-set Digest, Vol 77, Issue 5)

Christian Folini christian.folini at time-machine.ch
Thu Sep 17 08:47:23 UTC 2015


On Tue, Sep 15, 2015 at 09:18:51AM -0600, OtherData wrote:
> I am also interested in why the 2.2.9 rule set is still considered the
> latest rule set, and 3.0 is not.  The 3.0 ruleset appears to be now bundled
> with cPanel which is confusing as to why they would bundle it with cPanel if
> it is not stable.

Has anybody made the transition from 2.2.x to 3.0.0 yet? 

I have a three-digit number of services under my hands with several thousand
tunings/ignore-rules, all tied to individual rule ids. This is really
a lot of work.

When the core rules consolidated the SQLi rules and combined this
transition with the removal of the commit history in the old Subversion
repository (not exactly at the same moment, but close enough to
give us an updated core rule set with new rule ids but no commit 
history to link them to the old rule ids), we were in deep, deep shit.

The idea of revisiting this tragedy gives me the creeps.

Therefore any war stories, reports or advice would be greatly appreciated.
I am willing to contribute to an advisory document describing the
best practice for the transition.



Real knowledge is to know the extent of one's own ignorance.
-- Confucius
