Re: [mod-security-users] Migrating from Core Rules 1.6.1 to 2.0.5

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 454-5900

Ryan,

Thanks for your response. I had indeed read both those tabs. I suppose
the inclusion of deprecated files in the stable release is what threw
me.

The installation tab contains the following apache configuration snippet:

       <IfModule security2_module>
               Include conf/modsecurity_crs/*.conf
               Include conf/modsecurity_crs/base_rules/*.conf
       </IfModule>

So, do you advise removing any files in optional_rules that have a
correspondingly named file in base_rules, and then doing the
following:

      <IfModule security2_module>
               Include conf/modsecurity_crs/*.conf
               Include conf/modsecurity_crs/base_rules/*.conf
               Include conf/modsecurity_crs/optional_rules/*.conf
       </IfModule>

Thanks again for your guidance.

On Thu, Sep 16, 2010 at 4:48 PM, Ryan Barnett <RBa...@tr...> wrote:
> Art,
> Those duplicate conf files in the optional_rules dir are deprecated and i will remove them from svn. In older crs the optional_rules really held two different types of rules: those that were indeed optional, but also blocking versions of a few of the crs files (deny action).
>
> The new crs work differently. I suggest that you review both the installation and documentation tabs on the crs project site -
> http://www.owasp.org/index.php/Category:OWASP_ModSecurity_Core_Rule_Set_Project#tab=Installation
>
> Sent from my iPhone
>
> On Sep 16, 2010, at 4:02 PM, Art Age Software <art...@gm...> wrote:
>
>> Hi,
>>
>> Updating to newer core rule set and have a question about the new rule
>> layout that I couldn't find answered in the docs.
>>
>> With 1.6.1, I simply copied the optional rules files over the base
>> rules files with the same name. With the newer rules, it does not
>> appear that this is the correct approach, as the optional rules are
>> not simply a more restrictive version of the base rules with the same
>> file name.
>>
>> So what is the correct approach for including
>> optional_rules/modsecurity_crs_21_protocol_anomalies.conf, for
>> example? Should this file be included after
>> base_rules/modsecurity_crs_21_protocol_anomalies.conf? I didn't think
>> this would work, since there are rules in both files with the same ID.
>> Or will a later rule override an earlier rule with the same ID?
>>
>> Thanks.
>>
>> ------------------------------------------------------------------------------
>> Start uncovering the many advantages of virtual appliances
>> and start using them to simplify application deployment and
>> accelerate your shift to cloud computing.
>> http://p.sf.net/sfu/novell-sfdev2dev
>> _______________________________________________
>> mod-security-users mailing list
>> mod...@li...
>> https://lists.sourceforge.net/lists/listinfo/mod-security-users
>> Commercial ModSecurity Appliances, Rule Sets and Support:
>> http://www.modsecurity.org/breach/index.html
>>
>
>