mix modsecurity and gotroot rules

Brought to you by: victorhora, zimmerletw

mix modsecurity and gotroot rules

Forum: Rules

Creator: fran beltran

Created: 2011-02-21

Updated: 2013-06-12

fran beltran - 2011-02-21

how i can to mix the modsecurity rules and gotroot rules?
can i put it into the same directory? in this case, how is the order? first modsecurity rules and last gotroot rules?

or if i must put it into a different directories, witch of them i run in the first time modsecurity or gotroot rules?

thanks.

If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

Ryan Barnett - 2011-02-21

The OWASP ModSecurity CRS and the GotRoot ASL rules are actually "rule sets" and have different design philosophies. Specifically, the CRS has the ability to run in an anomaly scoring/collaborative mode -
http://blog.spiderlabs.com/2010/11/advanced-topic-of-the-week-traditional-vs-anomaly-scoring-detection-modes.html

The GotRoot rules work more like a traditional IPS mode where the rules are self contained.

I do agree, however, that there should be a path for running both at the same time. I will look into this issue.

If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

fran beltran - 2011-02-22

hello, so I hope you say me something on this forum for how to configure both rule sets.

thanks.

If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

Log in to post a comment.