On 1/9/12 12:26 PM, "David Sinclair" <dbsincl...@multiservice.com> wrote:
>David Sinclair <dbsinclair@...> writes: > > > >I went back to the modsecurity dashboard and did some research on the >PHPIDS >rules and discovered this is not a new issue. I do think it needs to be >reconsidered. All of the rules in the section are severity 2, Critical >and >anomaly score 5, but have score values ranging from 3 to 7. Having the >values >hard coded and on a different severity scale makes using anomaly scoring >a bit >difficult. Am considering raising the tx.critical_anomaly_score and etc >to >higher values to be on a similar scale and similarly increasing the >inbound >anomaly score threshold. > Understood. We have gone back and forth on whether to use our macro expansion or the phpids point value. I might talk with Mario (the phpids lead dev) to discuss the concepts of rule accuracy, maturity and severity. -Ryan This transmission may contain information that is privileged, confidential, and/or exempt from disclosure under applicable law. If you are not the intended recipient, you are hereby notified that any disclosure, copying, distribution, or use of the information contained herein (including any reliance thereon) is STRICTLY PROHIBITED. If you received this transmission in error, please immediately contact the sender and destroy the material in its entirety, whether in electronic or hard copy format. _______________________________________________ Owasp-modsecurity-core-rule-set mailing list Owasp-modsecurity-core-rule-set@lists.owasp.org https://lists.owasp.org/mailman/listinfo/owasp-modsecurity-core-rule-set
