<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
  <meta content="text/html; charset=UTF-8" http-equiv="Content-Type">
</head>
<body bgcolor="#ffffff" text="#000000">
Sorry I should have mentioned that "I downloaded the latest rules, and
applied only the base rules, not the optional ones.."<br>
Regards, -turgut<br>
<br>
<br>
On 01/11/2010 10:24 PM, turgut kalfaoğlu wrote:
<blockquote cite="mid:4B4B88FF.9000204@kalfaoglu.com" type="cite">
  <meta http-equiv="content-type" content="text/html; charset=UTF-8">
  <div class="moz-text-flowed"
 style="font-family: -moz-fixed; font-size: 12px;" lang="x-unicode">I
recently upgraded the modsecurity 2.something to the latest version.
  <br>
  <br>
But these two rulesets are giving me much headache:
  <br>
  <br>
modsecurity_crs_41_phpids_converter.conf
  <br>
modsecurity_crs_41_phpids_filters.conf
  <br>
  <br>
For example, a plain HTML web site, but the JPG files are oddly named:
  <br>
  <a moz-do-not-send="true" class="moz-txt-link-freetext"
 href="http://www.learningpracticalturkish.com/yasemin-unlu--movie-cover--koylu-kizi150x147.jpg">http://www.learningpracticalturkish.com/yasemin-unlu--movie-cover--koylu-kizi150x147.jpg</a>
  <br>
  <br>
Dumps over a page of "Messages:" in the audit file, talking about
probably a dozen rules or so that are broken.
  <br>
  <br>
The following dynamic site, is likewise:
  <br>
   <a moz-do-not-send="true" class="moz-txt-link-freetext"
 href="http://noroloji.biz/index.php?option=com_content&amp;view=article&amp;id=46&amp;Itemid=97">http://noroloji.biz/index.php?option=com_content&amp;view=article&amp;id=46&amp;Itemid=97</a>
  <br>
... belches pages and pages of code, even at debug level 3.
  <br>
  <br>
The web server has over 300 hostings - Joomla, PhpNuke, Wordpress,
homebrew, and plain HTML.
  <br>
  <br>
I spent two whole days editing out the core rules, but finally had to
give up on the "phpids" rulesets altogether.
  <br>
  <br>
Was there a better way?
  <br>
  <br>
Thanks!
  <br>
 -turgut
  <br>
  <br>
  </div>
  <pre wrap="">
<fieldset class="mimeAttachmentHeader"></fieldset>
_______________________________________________
Owasp-modsecurity-core-rule-set mailing list
<a class="moz-txt-link-abbreviated" href="mailto:Owasp-modsecurity-core-rule-set@lists.owasp.org">Owasp-modsecurity-core-rule-set@lists.owasp.org</a>
<a class="moz-txt-link-freetext" href="https://lists.owasp.org/mailman/listinfo/owasp-modsecurity-core-rule-set">https://lists.owasp.org/mailman/listinfo/owasp-modsecurity-core-rule-set</a>
  </pre>
</blockquote>
<br>
</body>
</html>