On Dec 13, 2010, at 1:51 PM, Ryan Barnett wrote: > Hey Jim, > This is the recommended approach. Previously, we had the file in the > base_rules directory and it was called > modsecurity_crs_48_local_exceptions.conf. We needed to change this as a CRS > update would overwrite the locally updated file. I initially moved it up > one level to get it out of the base_rules directory sot that it wouldn't > accidentally be included in an Include wildcard directive. After looking at > this some more, we still had issues with people wild-carding all *.conf in > the main directory.... So, I went in and renamed it to have an ".example" > extension. With this new extension, we can now just move it back to the > base_rules directory. > > So, to make this long explanation clear :) We will move the > modsecurity_crs_48_local_exceptions.conf.example file back into the > base_rules directory. Users should then rename it and drop the ".example" > extension when they want to add local exceptions. This should make updates > easier as the CRS will only update the ".extension" file and it should be in > the right location to work with the numbering scheme. > > Sorry for the confusion :)
Cool. Looking back through archives, change logs, and release notes, that was pretty much what I had surmised. It's good to have confirmation, though. Thanks! _______________________________________________ Owasp-modsecurity-core-rule-set mailing list [email protected] https://lists.owasp.org/mailman/listinfo/owasp-modsecurity-core-rule-set
