This discussion come in a very good time. I plan to start coding a new Waf-Fle feature: Rule Managment, as soon I release the next version (next month, I hope), that will be useful for new users, and for advanced users with large deployments. So the discuss the structure of CRS is very important.
The central config file make things clear, and make more simple to a more large deployment to don't need to handle to many different files. Regarding to the rules itself (a little bit off-topic in this email), the current struture in "base", "optional", "experimental" and "slr" make clear to user, but will be very good too include the "RULE_MATURITY' and "RULE_ACCURACY" tags in all rules, to expand the usage of "SecRuleRemoveByTag". Klaubert On Mon, Feb 13, 2012 at 8:55 PM, Brian Kroth <bpkr...@gmail.com> wrote: > +1 > > It usually makes upgrading much more reasonable as then I really only have > ~3 files with my tweaks in them. > > Thanks, > Brian > > Jeff Rooney <jtroo...@nexdlevel.com> 2012-02-13 11:37: > >> +1 for centralized. >> Jeff Rooney >> [1]jtroo...@nexdlevel.com >> >> On Mon, Feb 13, 2012 at 11:22 AM, Lucas Ferreira <[2]lis...@sapao.net> >> >> wrote: >> >> I like it. Centralized settings help me keep my configs more organized. >> And it is easier to know where to go when changes are needed. >> Regards, >> Lucas >> >> On Mon, Feb 13, 2012 at 12:14, Ryan Barnett <[3]rbarn...@trustwave.com >> > >> >> wrote: >> >> First question to kick-off the discussion is this - >> >> Do you like/dislike the concept of having a central config file – >> modsecurity_crs_10_config.**conf? >> >> The idea with this file is to try and consolidate a number of local >> settings within one file rather than having to edit the settings >> within a number of other individual files. Once these settings are >> made, the information is them propagated to the various rules by use >> of macro expansions. >> >> Do you like or dislike this concept? If you don't like it, why now? >> How can this file be made better? >> >> -- >> Ryan Barnett >> Trustwave SpiderLabs >> ModSecurity Project Leader >> OWASP ModSecurity CRS Project Leader >> >> ______________________________**__ >> This transmission may contain information that is privileged, >> confidential, and/or exempt from disclosure under applicable law. If >> you are not the intended recipient, you are hereby notified that any >> disclosure, copying, distribution, or use of the information >> contained >> herein (including any reliance thereon) is STRICTLY PROHIBITED. If >> you >> received this transmission in error, please immediately contact the >> sender and destroy the material in its entirety, whether in >> electronic >> or hard copy format. >> >> ______________________________**_________________ >> Owasp-modsecurity-core-rule-**set mailing list >> >> [4]Owasp-modsecurity-core-**rule-...@lists.owasp.org<Owasp-modsecurity-core-rule-set@lists.owasp.org> >> [5]https://lists.owasp.org/**mailman/listinfo/owasp-** >> modsecurity-core-rule-set<https://lists.owasp.org/mailman/listinfo/owasp-modsecurity-core-rule-set> >> >> >> -- >> Homo sapiens non urinat in ventum. >> ______________________________**_________________ >> Owasp-modsecurity-core-rule-**set mailing list >> >> [6]Owasp-modsecurity-core-**rule-...@lists.owasp.org<Owasp-modsecurity-core-rule-set@lists.owasp.org> >> [7]https://lists.owasp.org/**mailman/listinfo/owasp-** >> modsecurity-core-rule-set<https://lists.owasp.org/mailman/listinfo/owasp-modsecurity-core-rule-set> >> >> References >> >> Visible links >> 1. mailto:jtroo...@nexdlevel.com >> 2. mailto:lis...@sapao.net >> 3. mailto:rbarn...@trustwave.com >> 4. >> mailto:Owasp-modsecurity-core-**rule-...@lists.owasp.org<Owasp-modsecurity-core-rule-set@lists.owasp.org> >> 5. https://lists.owasp.org/**mailman/listinfo/owasp-** >> modsecurity-core-rule-set<https://lists.owasp.org/mailman/listinfo/owasp-modsecurity-core-rule-set> >> 6. >> mailto:Owasp-modsecurity-core-**rule-...@lists.owasp.org<Owasp-modsecurity-core-rule-set@lists.owasp.org> >> 7. https://lists.owasp.org/**mailman/listinfo/owasp-** >> modsecurity-core-rule-set<https://lists.owasp.org/mailman/listinfo/owasp-modsecurity-core-rule-set> >> > > ______________________________**_________________ >> Owasp-modsecurity-core-rule-**set mailing list >> Owasp-modsecurity-core-rule-**s...@lists.owasp.org<Owasp-modsecurity-core-rule-set@lists.owasp.org> >> https://lists.owasp.org/**mailman/listinfo/owasp-** >> modsecurity-core-rule-set<https://lists.owasp.org/mailman/listinfo/owasp-modsecurity-core-rule-set> >> > > > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.4.9 (GNU/Linux) > > iEYEARECAAYFAk85lPYACgkQdtkBin+QuSC3LwCcDS81rh5Of1eDC/LSPt19y7a6 > NYkAoNBYmvDDimiBPwEpeIRxPDSV8cqt > =yqoK > -----END PGP SIGNATURE----- > > _______________________________________________ > Owasp-modsecurity-core-rule-set mailing list > Owasp-modsecurity-core-rule-set@lists.owasp.org > https://lists.owasp.org/mailman/listinfo/owasp-modsecurity-core-rule-set > >
_______________________________________________ Owasp-modsecurity-core-rule-set mailing list Owasp-modsecurity-core-rule-set@lists.owasp.org https://lists.owasp.org/mailman/listinfo/owasp-modsecurity-core-rule-set
