Hi Ryan,

Thanks for the reply.

I am reading that URL. If I understood correctly I'll have to enable the rules by switching the action from pass to drop for those rules that I consider OK to be used, right?

Or is there another (better) way?

On Tue, Oct 26, 2010 at 12:29 PM, Ryan Barnett <RBarnett@trustwave.com> wrote:
On 10/26/10 12:22 PM, "robert mena" <robert.mena@gmail.com> wrote:

> Hi,
> I noticed that mod_security comes with some rules for sql_injection but they
> seem to only generate warnings out of the box so we can decide and activate the
> correct ones by replacing the pass with drop (for example), right?

While there is a version of the Core Rule Set (CRS) that is bundled with the
modsecurity source archive, it is highly recommended that you use the
current version from over at the OWASP Project site -

You can read a bit on the Setup/Documentation tabs for data.  I would also
recommend that you sign up for the OWASP CRS mail-list to stay up-to-date on
rule updates and to ask rule-related questions there -


> I've searched the FAQs and tried to search the web (and the archives) for a
> set of trusted rules to activate before having to dig too much in the log
> files.
> If possible I'd like a few pointers to 'jump-start' my setup.
> Regards.