[mod-security-users] CRS
From: Vieri Di P. <vie...@gm...> - 2020-01-22 09:21:01
Hi,

I'm new to modsecurity so what I say here might not be fully correct.

According to:
https://raw.githubusercontent.com/SpiderLabs/owasp-modsecurity-crs/v3.0/master/INSTALL

"There are currently no known packages of CRS 3.x."

However, I'm using Gentoo Linux with a 3.x package:
https://packages.gentoo.org/packages/www-apache/modsecurity-crs

The Gentoo Linux package manager downloads from:
https://github.com/SpiderLabs/owasp-${PN}/archive/v${PV}.tar.gz

Where
PN=modsecurity-crs
PV=3.1.0 (in my case)

Are there more recent archives? I'd rather use my package manager instead of making a custom script to update the CRS from GIT.

Also, the same INSTALL file suggests testing the installation by making a request to a specific URL. I tried this:

curl 'http://myapacheserver/?param="><script>alert(1);</script>'

However, it doesn't seem to trigger any rule. The apache server actually replies normally with a web page, and there are no errors in the log.

I have mod_security 2.9.3.

What can I try?

Vieri