All, After having read http://blog.spiderlabs.com/2010/11/advanced-topic-of-the-week-traditional-vs-anomaly-scoring-detection-modes.html, I decided to give Anomoly Scoring Detection Mode a try. So, I set the following in modsecurity_crs_10_config.conf:
SecDefaultAction "phase:2,pass,log" and SecAction "phase:1,t:none,nolog,pass,setvar:tx.anomaly_score_blocking=on" and restarted Apache. With that done, I tried to reach our Web site, and was promptly met by the Apache test page. Once I set modsecurity_crs_10_config.conf to Traditional Detection Mode, I was again able to reach our Web site. Did I forget something in setting up Anomoly Scoring Detection Mode, or misconfigure something? Thanks. Dimitri -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. _______________________________________________ Owasp-modsecurity-core-rule-set mailing list [email protected] https://lists.owasp.org/mailman/listinfo/owasp-modsecurity-core-rule-set
