We will update the Quick Setup info in the README file.
On 4/14/11 9:35 AM, "Jim Riggs" <[email protected]> wrote: >I agree with Andreas and Klaubert. If this is the approach we take, the >documentation should *strongly* recommend symlinks; otherwise, it will >cause a major maintenance headache for admins, breaking auto-update. (I >fear the step of _copying_ the files will often get forgotten or missed. >Symlinks would address that issue to an extent.) > > >On Apr 14, 2011, at 8:28 AM, pfote wrote: > >> I'm using right now that >> Include conf/modsecurity_crs/*.conf >> Include conf/modsecurity_crs/base_rules/*.conf >> Include conf/modsecurity_crs/optional_rules/*.conf >> >> >> approach, wasn't aware of that problem (fairly new to modsecurity and >>owasp) .. thanks for pointing out. >> >> However, i wouldn't copy but better symlink them, this way it's still >>possible to have it auto-updated. >> >> cheers >> Andreas >>> Yes, I think this would be helpful. It might be worth explaining in >>> the comments why the "proper order" is important, and thus where to >>> put custom configuration settings and rules for each vhost/server. >>> >>> Colin >>> >>> On 14 April 2011 14:00, Ryan Barnett >>> <[email protected]> >>> wrote: >>> >>> >>>> Any comments on this approach? Good idea? >>>> >>>> -Ryan >>>> >>>> >>>> From: Ryan Barnett < >>>> [email protected]<mailto:[email protected]> >>>> > >>>> Date: Tue, 12 Apr 2011 09:57:24 -0500 >>>> To: " >>>> >>>>[email protected]<mailto:owasp-modsecurit >>>>[email protected]>" >>>><[email protected]<mailto:owasp-modsecuri >>>>[email protected]> >>>> > >>>> Subject: CRS Directory Format Question >>>> >>>> The current OWASP CRS archive has a number of directories that hold >>>>different rules - >>>> >>>> * base_rules >>>> * optional_rules >>>> * slr_rules >>>> * experimental_rules >>>> >>>> I am thinking that most ModSecurity users want to use Apache Include >>>>wild-carding when activating rulesets - >>>> >>>> <IfModule security2_module> >>>> Include conf/modsecurity_crs/*.conf >>>> Include conf/modsecurity_crs/base_rules/*.conf >>>> </IfModule> >>>> >>>> While this is certainly convenient, this does cause a problem. The >>>>various rules files have a numbering scheme whose purpose to to help >>>>ensure that the rules file are executed in the proper order when >>>>wild-carding with includes. Activating these rules are challenging >>>>when separated into the different directories. >>>> >>>> <IfModule security2_module> >>>> Include conf/modsecurity_crs/*.conf >>>> Include conf/modsecurity_crs/base_rules/*.conf >>>> Include conf/modsecurity_crs/optional_rules/*.conf >>>> >>>> </IfModule> >>>> >>>> So, what I am thinking is that we should add an empty directory >>>>called - >>>> >>>> * activated_rules >>>> >>>> The sole purpose of this directory would be for the local Admin to >>>>copy all files that they want to run into that one directory. When >>>>they do this, then the file name numbering scheme will work and it >>>>will allow for easier Include wild-carding - >>>> >>>> <IfModule security2_module> >>>> Include conf/modsecurity_crs/*.conf >>>> Include conf/modsecurity_crs/activated_rules/*.conf >>>> </IfModule> >>>> >>>> How does this approach sound to everyone? >>>> >>>> -Ryan >>>> >>>> ________________________________ >>>> This transmission may contain information that is privileged, >>>>confidential, and/or exempt from disclosure under applicable law. If >>>>you are not the intended recipient, you are hereby notified that any >>>>disclosure, copying, distribution, or use of the information contained >>>>herein (including any reliance thereon) is STRICTLY PROHIBITED. If you >>>>received this transmission in error, please immediately contact the >>>>sender and destroy the material in its entirety, whether in electronic >>>>or hard copy format. >>>> >>>> _______________________________________________ >>>> Owasp-modsecurity-core-rule-set mailing list >>>> >>>> [email protected] >>>> >>>>https://lists.owasp.org/mailman/listinfo/owasp-modsecurity-core-rule-se >>>>t >>>> >>>> >>>> >>>> >>> _______________________________________________ >>> Owasp-modsecurity-core-rule-set mailing list >>> >>> [email protected] >>> >>>https://lists.owasp.org/mailman/listinfo/owasp-modsecurity-core-rule-set >>> >>> >>> >> >> _______________________________________________ >> Owasp-modsecurity-core-rule-set mailing list >> [email protected] >> https://lists.owasp.org/mailman/listinfo/owasp-modsecurity-core-rule-set > >_______________________________________________ >Owasp-modsecurity-core-rule-set mailing list >[email protected] >https://lists.owasp.org/mailman/listinfo/owasp-modsecurity-core-rule-set > _______________________________________________ Owasp-modsecurity-core-rule-set mailing list [email protected] https://lists.owasp.org/mailman/listinfo/owasp-modsecurity-core-rule-set
