Ryan, To restate the issue, the rules are stored in different directories based on their type - admins need to order the rules to ensure that they function correctly, and this can't be done when use apache configuration to load wild carded configuration files from different directories.
If you made the id parameter for SecRule mandatory, couldn't you then use that to order the rules? This would overcome the ordering issue you mention. I know that there are other directives as well and they might have the same ordering issue, but just thought I would ask the question Chris
_______________________________________________ Owasp-modsecurity-core-rule-set mailing list [email protected] https://lists.owasp.org/mailman/listinfo/owasp-modsecurity-core-rule-set
