Re: [mod-security-users] Can someone explain in simpler manner?
Brought to you by:
victorhora,
zimmerletw
Menu
▾
▴
Re: [mod-security-users] Can someone explain in simpler manner?
|
From: Ervin H. <ai...@gm...> - 2020-04-15 11:25:55
|
Hi Blason, first, please note, that this is the mod-security-users mailing list. I think you're interesting about CRS, which has an own list: https://groups.google.com/a/owasp.org/forum/#!forum/modsecurity-core-rule-set-project Anyway, to getting any help for CRS, these are good places: https://coreruleset.org/installation/ https://coreruleset.org/support/ On Wed, Apr 15, 2020 at 04:11:32PM +0530, Blason R wrote: > Hi Folks, > > I would really appreciate if someone can explain me in a simpler manner > about enabling PL levels in CR3.0? I mean > > I understood default installation is PL1? Yes. If you don't touch the crs-setup.conf, this line sets the default value: https://github.com/SpiderLabs/owasp-modsecurity-crs/blob/v3.3/dev/rules/REQUEST-901-INITIALIZATION.conf > What the rules activated with this then? I mean rules with specific prefix? there isn't any specific prefix. You can check the rules in the rule files. There are some specific rules with id ...011/...012/.../.../..017/...018, which controls which rules should be left out. > How do I switch to PL2? see the crs-setup.conf above. > Confused where are those settings to modify the paranoia levels? there are more good documentations about this topic, example: https://www.netnea.com/cms/apache-tutorial-7_including-modsecurity-core-rules/ Hope this helps, a. nb: please don't continue this topic here. |
