Re: [mod-security-users] compatibility between apache module and OWASP_CRS
Brought to you by:
victorhora,
zimmerletw
Menu
▾
▴
Re: [mod-security-users] compatibility between apache module and OWASP_CRS
|
From: Hans M. <mo...@ma...> - 2024-03-26 21:18:20
|
Hi Christian, many thanks for your swift reply. I will give it a try. So, 2.9 is the latest production ready modsec. For version 3 at https://github.com/owasp-modsecurity/ModSecurity-apache/tree/master I see the recommendation to use v 2.9.x I am wondering because V 3 is also several years old. Best, Hans -- On 26.03.24 08:44, Christian Folini wrote: > Good morning Hans, > > On Mon, Mar 25, 2024 at 10:12:50PM +0100, Hans Mayer via mod-security-users wrote: >> I am using Apache/2.4.57 on Debian bookworm with the modsecurity-crs >> package. >> >> In the logs I see: Producer: ModSecurity for Apache/2.9.7 ; OWASP_CRS/3.3.5 >> >> At github there is already version 4 available from the coreruleset. >> >> Would this work with the existing /usr/lib/apache2/modules/mod_security2.so > Yes it would. > > More documentation at > https://coreruleset.org/20240214/let-crs-4-be-your-valentine/ > > Please be aware that this is a major new release and the transition takes > a bit of planning and testing. There will be new false positives usually. > > Best, > > Christian > > |
