Re: [mod-security-users] Migrating from Core Rules 1.6.1 to 2.0.5
Brought to you by:
victorhora,
zimmerletw
From: Art A. S. <art...@gm...> - 2010-09-16 23:56:03
|
Ryan, Thanks for your response. I had indeed read both those tabs. I suppose the inclusion of deprecated files in the stable release is what threw me. The installation tab contains the following apache configuration snippet: <IfModule security2_module> Include conf/modsecurity_crs/*.conf Include conf/modsecurity_crs/base_rules/*.conf </IfModule> So, do you advise removing any files in optional_rules that have a correspondingly named file in base_rules, and then doing the following: <IfModule security2_module> Include conf/modsecurity_crs/*.conf Include conf/modsecurity_crs/base_rules/*.conf Include conf/modsecurity_crs/optional_rules/*.conf </IfModule> Thanks again for your guidance. On Thu, Sep 16, 2010 at 4:48 PM, Ryan Barnett <RBa...@tr...> wrote: > Art, > Those duplicate conf files in the optional_rules dir are deprecated and i will remove them from svn. In older crs the optional_rules really held two different types of rules: those that were indeed optional, but also blocking versions of a few of the crs files (deny action). > > The new crs work differently. I suggest that you review both the installation and documentation tabs on the crs project site - > http://www.owasp.org/index.php/Category:OWASP_ModSecurity_Core_Rule_Set_Project#tab=Installation > > Sent from my iPhone > > On Sep 16, 2010, at 4:02 PM, Art Age Software <art...@gm...> wrote: > >> Hi, >> >> Updating to newer core rule set and have a question about the new rule >> layout that I couldn't find answered in the docs. >> >> With 1.6.1, I simply copied the optional rules files over the base >> rules files with the same name. With the newer rules, it does not >> appear that this is the correct approach, as the optional rules are >> not simply a more restrictive version of the base rules with the same >> file name. >> >> So what is the correct approach for including >> optional_rules/modsecurity_crs_21_protocol_anomalies.conf, for >> example? Should this file be included after >> base_rules/modsecurity_crs_21_protocol_anomalies.conf? I didn't think >> this would work, since there are rules in both files with the same ID. >> Or will a later rule override an earlier rule with the same ID? >> >> Thanks. >> >> ------------------------------------------------------------------------------ >> Start uncovering the many advantages of virtual appliances >> and start using them to simplify application deployment and >> accelerate your shift to cloud computing. >> http://p.sf.net/sfu/novell-sfdev2dev >> _______________________________________________ >> mod-security-users mailing list >> mod...@li... >> https://lists.sourceforge.net/lists/listinfo/mod-security-users >> Commercial ModSecurity Appliances, Rule Sets and Support: >> http://www.modsecurity.org/breach/index.html >> > > |