I would suggest that you download the ModSecurity 2.5.x code and start playing with it as there are many significant enhancements for not only performance (set-based matching with @pm vs. using regular expressions) but also many new variables - http://www.modsecurity.org/blog/archives/2007/12/initial_release.html

You could use the current Core Rules as a base to start from and then alter it with the new 2.5 enhancements.

I will be doing a blog post today showing one example of this.

--
Ryan C. Barnett
ModSecurity Community Manager
Breach Security: Director of Training
Web Application Security Consortium (WASC) Member
CIS Apache Benchmark Project Lead
SANS Instructor, GCIA, GCFA, GCIH, GSNA, GCUX, GSEC
Author: Preventing Web Attacks with Apache

From: mod-security-users-bounces@lists.sourceforge.net [mailto:mod-security-users-bounces@lists.sourceforge.net] On Behalf Of Oteng Michael Raesima
Sent: Thursday, December 27, 2007 6:34 PM
To: mod-security-users@lists.sourceforge.net
Subject: [mod-security-users] optimizing the ModSecurity core rule set

Good day to you all,

I sent the following message to the user list last week but I have had no response to date. Please assist with relevant info or direction that may be useful in this kind of study.

I am an MSc student in e-business centered computing. I would like to focus my research on optimizing the core rule set of ModSecurity so that, if possible, fewer rules are used to achieve the same and improve performance of the filtering process in the end. To this end I request your help as much as possible on information or indeed any data that may be helpful for the success of my project.

I have installed Apache 2.x and downloaded the modsec 2.x rule set for my study.

Thank you very much in advance

Your contributions are highly appreciated

OM Raesima