I don't think the ModSec Rule ID would help in this case as we are talking about Apache startup and its Include directive. I think that having the activatedrules directory is the best approach as local Admins can then review all the rules and decide which ones to activate by creating symlinks in the activated_rules directory. When they do this, then the numbering scheme used in the rule file names will work appropriately.
Keep in mind that this simply orders the rule files appropriately by groups/purpose. This does nothing to ensure that the rules themselves, inside the files, are ordered appropriately. We order them appropriately in the CRS files but if you have custom rules, you will need to ensure that they are ordered correctly for the logic you want. -Ryan From: chris derham <[email protected]<mailto:[email protected]>> Reply-To: "[email protected]<mailto:[email protected]>" <[email protected]<mailto:[email protected]>> Date: Thu, 14 Apr 2011 09:37:23 -0500 To: Ryan Barnett <[email protected]<mailto:[email protected]>>, "[email protected]<mailto:[email protected]>" <[email protected]<mailto:[email protected]>> Subject: Re: [Owasp-modsecurity-core-rule-set] CRS Directory Format Question Ryan, To restate the issue, the rules are stored in different directories based on their type - admins need to order the rules to ensure that they function correctly, and this can't be done when use apache configuration to load wild carded configuration files from different directories. If you made the id parameter for SecRule mandatory, couldn't you then use that to order the rules? This would overcome the ordering issue you mention. I know that there are other directives as well and they might have the same ordering issue, but just thought I would ask the question Chris ________________________________ This transmission may contain information that is privileged, confidential, and/or exempt from disclosure under applicable law. If you are not the intended recipient, you are hereby notified that any disclosure, copying, distribution, or use of the information contained herein (including any reliance thereon) is STRICTLY PROHIBITED. If you received this transmission in error, please immediately contact the sender and destroy the material in its entirety, whether in electronic or hard copy format. _______________________________________________ Owasp-modsecurity-core-rule-set mailing list [email protected] https://lists.owasp.org/mailman/listinfo/owasp-modsecurity-core-rule-set
