[Owasp-modsecurity-core-rule-set] A Set of Performance Rules
christian.folini at time-machine.ch
Wed Sep 23 13:36:30 UTC 2015
Chaim was kind enough to merge Achim's and my set of Header
Injection Prevention rules into the v3.0.0-branch.
This was smooth, so let's try the process with a 2nd little set of
rules, which I use at time.
It's a set of performance rules, that do some measuring at different
phases and prepare the info into variables, which can then be logged.
It's more detailed then Stopwatch2 in the audit-log and the data is
prepared to be pushed into the access-log (or whatever you call it for
non-apache httpd servers).
For the 2.2.x ruleset, this would fit into the optional_rules folder,
but I am not sure about the right course of action for v3.0.0-dev.
Do you plan to include an optional_rules folder eventually, or would
you rather define a switch in modsecurity_crs_10_setup.conf.example,
which would then enable/disable the ruleset in two files like
Chains of habit are too light to be felt until they are too heavy
to be broken.
-- Warren Buffett
More information about the Owasp-modsecurity-core-rule-set