>
> On Tue, Mar 13, 2012 at 4:49 PM, Ryan Barnett <rbarn...@trustwave.com>wrote:
>
>> I am working on updating the current CRS SecRule formatting. The idea is
>> to make the rules easier to read and understand what is happening, for
>> example to quickly understand the ACTION line data.
>>
>> The format is updated to:
>>
>> 1) Separate the VARIABLE OPERATOR and ACTION sections from each other by
>> using the Apache \ line continuation character.
>> 2) The 1st ACTION line starts with the rule ID. This makes it easier to
>> find rules of interest.
>> 3) The end of the 1st ACTION line lists any disruptive actions.
>> 4) Transformation functions have their own line
>> 5) Tags have their own line
>> 6) Meta-actions (such as setvars) have their own line
>> 7) Also including example attack payloads that are detected by the
>> OPERATOR to help understand what the regex is looking form
>>
>> Please review/comment on the updated format below. I would like to start
>> updating the CRS rules to use this format for the 3.0 version.
>>
>>
Hi Ryan,
I like new format. IMHO, we can improve readable a bit further by adding
indentation to all lines that do not start a rule. That especially helps
locate the start of the various rules within a chained rule. For example:
SecRule ARGS test1 "id:123,phase:2,block,chain, \
setvar:tx.sql_injection_score=+1, \
setvar:tx.anomaly_score=+%{tx.critical_anomaly_score}"
SecRule ARGS test2
--
- Josh
_______________________________________________
Owasp-modsecurity-core-rule-set mailing list
Owasp-modsecurity-core-rule-set@lists.owasp.org
https://lists.owasp.org/mailman/listinfo/owasp-modsecurity-core-rule-set
