mix modsecurity and gotroot rules

Rules
2011-02-21
2013-06-12
  • fran beltran
    fran beltran
    2011-02-21

    how i can to mix the modsecurity rules and gotroot rules?
    can i put it into the same directory? in this case, how is the order? first modsecurity rules and last gotroot rules?

    or if i must put it into a different directories, witch of them i run in the first time modsecurity or gotroot rules?

    thanks.

     
  • Ryan Barnett
    Ryan Barnett
    2011-02-21

    The OWASP ModSecurity CRS and the GotRoot ASL rules are actually "rule sets" and have different design philosophies.  Specifically, the CRS has the ability to run in an anomaly scoring/collaborative mode -
    http://blog.spiderlabs.com/2010/11/advanced-topic-of-the-week-traditional-vs-anomaly-scoring-detection-modes.html

    The GotRoot rules work more like a traditional IPS mode where the rules are self contained.

    I do agree, however, that there should be a path for running both at the same time.  I will look into this issue.

     
  • fran beltran
    fran beltran
    2011-02-22

    hello, so I hope you say me something on this forum for how to configure both rule sets.

    thanks.