Ken, This is a good point. We have an internal rules test suite for the CRS. I will work on updating it for the most recent rules and then releasing it in the CRS util directory.
I will send more info soon. Ryan On May 5, 2011, at 11:54 AM, "Ken Brucker" <[email protected]<mailto:[email protected]>> wrote: Hi - I have some custom rules I'd like to create and I'm looking for a test engine to drive the rules and ensure I'm getting the expected results. I checked the FAQ and found this question that directly relates: How do I handle False Positives and creating Custom Rules? It is inevitable; you will run into some False Positive hits when using web application firewalls. This is not something that is unique to ModSecurity. All web application firewalls will generate false positives from time to time. The following Blog post information will help to guide you through the process of identifying, fixing, implementing and testing new custom rules to address false positives. But... the last sentence states "The following blog post information ..." and there is no blog post information following. Where do I find the referenced material? Does a test engine exist outside Apache to feed data through the rules to enable easy regression testing in addition to focused testing of new rules? Regards, Ken _______________________________________________ Owasp-modsecurity-core-rule-set mailing list [email protected]<mailto:[email protected]> https://lists.owasp.org/mailman/listinfo/owasp-modsecurity-core-rule-set ________________________________ This transmission may contain information that is privileged, confidential, and/or exempt from disclosure under applicable law. If you are not the intended recipient, you are hereby notified that any disclosure, copying, distribution, or use of the information contained herein (including any reliance thereon) is STRICTLY PROHIBITED. If you received this transmission in error, please immediately contact the sender and destroy the material in its entirety, whether in electronic or hard copy format. _______________________________________________ Owasp-modsecurity-core-rule-set mailing list [email protected] https://lists.owasp.org/mailman/listinfo/owasp-modsecurity-core-rule-set
