Re: [mod-security-users] ambiguous statements in CRS-SetUP.conf
Brought to you by:
victorhora,
zimmerletw
Menu
▾
▴
Re: [mod-security-users] ambiguous statements in CRS-SetUP.conf
|
From: Chaim S. <cha...@gm...> - 2019-05-27 17:16:16
|
Hey Ted, great questions! We set the variables to their default values in https://github.com/SpiderLabs/owasp-modsecurity-crs/blob/v3.2/dev/rules/REQUEST-901-INITIALIZATION.conf. As this is in the rules folder it should be included only after crs-setup. To ensure that the default values do not override the user defined versions, all the variables set in 901 check to see if the variable has already been set, only setting these if they were not previously set in crs-setup. As a result, there should be no issue with replication of these variables. Per your second question, here this rule is setting a variable. Later in the rules we'll enable different sets of rules based on this value. As a result, you only need to override the default (level 1) paranoia level in the crs-setup by uncommenting and changing the paranoia level to the desired setting. Happy hunting! - Chaim On Sun, May 26, 2019, 4:06 PM Ted Talaiti <tal...@ho...> wrote: > Hey Chaim > > 1) What if I just uncomment them and change nothing? > Will the redundancy cause problem? Which one works during the exacuations? > > 2) Increasing paranoia add extra rule. But in following example it only > effects to "id:900000" but not others. > Are the two statements contrary? > Could you please tell the exact place where I can set paranoi level that > effects to all CRS or part of it? > SecAction \ > "id:900000,\ > phase:1,\ > nolog,\ > pass,\ > t:none,\ > setvar:tx.paranoia_level=1" > > Sincerely > Thanks in advance. > > > ------------------------------ > *From:* Chaim Sanders <cha...@gm...> > *Sent:* Saturday, May 25, 2019 1:01 AM > *To:* mod...@li... > *Subject:* Re: [mod-security-users] ambiguous statements in CRS-SetUP.conf > > Hey Ted, if you leave that commented, the default applies. The confusing > portion may be that the example enables the same effect as the default. > However, you can extend or restrict the details farther by uncomment and > modifying that rule. Let us know if you have any other questions. > Thanks, > - Chaim > > On Fri, May 24, 2019, 10:23 AM Ted Talaiti <tal...@ho...> wrote: > > Dear friends > > HOW/WHY Uncomment this rule can change the default? > Because it says by default it supports 4type of HTTP anyway. > > On the other hand, if do not uncomment the rule, then it does not the > support the 4type of HTTP? > > > > I am confused of what happens if I uncomment the rule or leave it as > commented? > > Sincerely > > _______________________________________________ > mod-security-users mailing list > mod...@li... > https://lists.sourceforge.net/lists/listinfo/mod-security-users > Commercial ModSecurity Rules and Support from Trustwave's SpiderLabs: > http://www.modsecurity.org/projects/commercial/rules/ > http://www.modsecurity.org/projects/commercial/support/ > > _______________________________________________ > mod-security-users mailing list > mod...@li... > https://lists.sourceforge.net/lists/listinfo/mod-security-users > Commercial ModSecurity Rules and Support from Trustwave's SpiderLabs: > http://www.modsecurity.org/projects/commercial/rules/ > http://www.modsecurity.org/projects/commercial/support/ > |
