+5 hit points

Sent from a mobile device
On Apr 14, 2011, at 9:00 AM, Ryan Barnett <[email protected]> wrote:

> Any comments on this approach? Good idea?
>
> -Ryan
>
>
> From: Ryan Barnett <[email protected]>
> Date: Tue, 12 Apr 2011 09:57:24 -0500
> To: [email protected]
> Subject: CRS Directory Format Question
>
> The current OWASP CRS archive has a number of directories that hold different
> rules -
>
> * base_rules
> * optional_rules
> * slr_rules
> * experimental_rules
>
> I am thinking that most ModSecurity users want to use Apache Include
> wild-carding when activating rulesets -
>
> <IfModule security2_module>
> Include conf/modsecurity_crs/*.conf
> Include conf/modsecurity_crs/base_rules/*.conf
> </IfModule>
>
> While this is certainly convenient, this does cause a problem. The various
> rules files have a numbering scheme whose purpose is to help ensure that the
> rules files are executed in the proper order when wild-carding with includes.
> Activating these rules is challenging when separated into the different
> directories.
>
> <IfModule security2_module>
> Include conf/modsecurity_crs/*.conf
> Include conf/modsecurity_crs/base_rules/*.conf
> Include conf/modsecurity_crs/optional_rules/*.conf
> </IfModule>
>
> So, what I am thinking is that we should add an empty directory called -
>
> * activated_rules
>
> The sole purpose of this directory would be for the local Admin to copy all
> files that they want to run into that one directory. When they do this, then
> the file name numbering scheme will work and it will allow for easier Include
> wild-carding -
>
> <IfModule security2_module>
> Include conf/modsecurity_crs/*.conf
> Include conf/modsecurity_crs/activated_rules/*.conf
> </IfModule>
>
> How does this approach sound to everyone?
>
> -Ryan

_______________________________________________
Owasp-modsecurity-core-rule-set mailing list
[email protected]
https://lists.owasp.org/mailman/listinfo/owasp-modsecurity-core-rule-set
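The ordering problem discussed in this thread, as an added example that is not part of the original messages or of the CRS distribution: Apache expands each wildcard Include alphabetically and processes Include lines top to bottom, so the numeric prefixes only order files within one directory. The file names in the sample tree are constructed, and the function names (`make_tree`, `load_order`, `in_order`, `activate`) are hypothetical.

```shell
#!/bin/sh
# Constructed sample tree: the file names are illustrative, not a CRS listing.
make_tree() {
    root=$1
    mkdir -p "$root/base_rules" "$root/optional_rules" "$root/activated_rules"
    for f in base_rules/modsecurity_crs_20_protocol_violations.conf \
             base_rules/modsecurity_crs_41_sql_injection_attacks.conf \
             base_rules/modsecurity_crs_60_correlation.conf \
             optional_rules/modsecurity_crs_10_ignore_static.conf \
             optional_rules/modsecurity_crs_55_application_defects.conf; do
        : > "$root/$f"
    done
}

# Print the numeric prefixes in load order for the listed directories.
# Each directory stands for one "Include .../<dir>/*.conf" line; the shell
# sorts a glob alphabetically, matching Apache's wildcard expansion.
load_order() {
    root=$1; shift; out=
    for dir in "$@"; do
        for path in "$root/$dir"/*.conf; do
            [ -e "$path" ] || continue      # directory has no .conf files yet
            n=${path##*/modsecurity_crs_}   # strip directories and name stem
            out="$out ${n%%_*}"             # keep only the number
        done
    done
    echo "${out# }"
}

# Succeed only if the numeric prefixes never decrease across the load order.
in_order() {
    prev=0
    for n in $(load_order "$@"); do
        [ "$n" -ge "$prev" ] || return 1
        prev=$n
    done
}

# Copy the chosen rule files into activated_rules, as the proposal describes.
activate() {
    root=$1; shift
    for f in "$@"; do cp "$root/$f" "$root/activated_rules/"; done
}

demo=$(mktemp -d) && make_tree "$demo"
in_order "$demo" base_rules optional_rules ||
    echo "out of order: $(load_order "$demo" base_rules optional_rules)"
rm -rf "$demo"
```

Running `in_order` against the directories named in a live configuration works as a pre-reload check that the numbering scheme is still being honoured.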
