Looking ahead to CRS v3.0, one of the changes we are looking to make is to re-organize/rename the rules files themselves. We want to achieve the following:
1) Which HTTP transactional phase are the rules processing (Inbound Request or Outbound Response)?
2) Utilize a numeric naming convention so that anyone using Apache Include wild-carding (Include /path/to/crs/*.conf) will have the rules execute properly.
3) Group the rule files into categories of Protocol vs. Application issues.
4) Specify if the issues are attacks, data leakages or defects.

With these goals in mind, here is a new proposed rules file naming convention.

REQUEST-10-IP-REPUTATION.conf
REQUEST-20-PROTOCOL-POLICY.conf
REQUEST-30-APPLICATION-POLICY.conf
REQUEST-40-APPLICATION-ATTACKS-SQL-INJECTION.conf
...
RESPONSE-10-APPLICATION-DATA-LEAKAGE.conf
RESPONSE-20-APPLICATION-DEFECTS.conf

Thanks goes out to Josh Zlatin who helped me work through the rationale for these changes. Let me know what you think or if you have comments for improvements.

--
Ryan Barnett
Researcher Lead
Trustwave - SpiderLabs
ModSecurity Project Lead

Owasp-modsecurity-core-rule-set mailing list
https://lists.owasp.org/mailman/listinfo/owasp-modsecurity-core-rule-set
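As an added illustration (not code from the post or from the CRS project) of goal 2 above: Apache loads wildcard Include matches in plain alphabetical order, so the check below parses names against the proposed PHASE-NN-TOPIC.conf pattern and reports any file that alphabetical loading would place out of the intended phase-then-number sequence. The regular expression and the helper names are my own assumptions; the sample file names are the ones proposed above.

```python
import re
from typing import List, NamedTuple

# The file names proposed in the post (sample input for the check).
PROPOSED = [
    "REQUEST-10-IP-REPUTATION.conf",
    "REQUEST-20-PROTOCOL-POLICY.conf",
    "REQUEST-30-APPLICATION-POLICY.conf",
    "REQUEST-40-APPLICATION-ATTACKS-SQL-INJECTION.conf",
    "RESPONSE-10-APPLICATION-DATA-LEAKAGE.conf",
    "RESPONSE-20-APPLICATION-DEFECTS.conf",
]

# Assumed shape of the convention: PHASE-NUMBER-TOPIC(-SUBTOPIC...).conf
NAME_RE = re.compile(r"^(REQUEST|RESPONSE)-(\d+)-([A-Z]+(?:-[A-Z]+)*)\.conf$")

# Request-phase rules must load before response-phase rules.
PHASE_RANK = {"REQUEST": 0, "RESPONSE": 1}


class RuleFile(NamedTuple):
    phase: str
    order: int
    topic: str


def parse_name(name: str) -> RuleFile:
    """Split a rules file name into phase, numeric order and topic."""
    m = NAME_RE.match(name)
    if not m:
        raise ValueError(f"does not follow the naming convention: {name}")
    return RuleFile(m.group(1), int(m.group(2)), m.group(3))


def intended_order(names: List[str]) -> List[str]:
    """The order the convention intends: by phase, then numerically."""
    return sorted(names, key=lambda n: (PHASE_RANK[parse_name(n).phase],
                                        parse_name(n).order))


def include_order(names: List[str]) -> List[str]:
    """The order Apache's wildcard Include actually uses: alphabetical."""
    return sorted(names)


def misordered(names: List[str]) -> List[str]:
    """Names that Apache would load at a different position than intended.

    An empty result means the numeric prefixes survive alphabetical sorting.
    """
    return [got for got, want in zip(include_order(names), intended_order(names))
            if got != want]
```

An unpadded prefix such as REQUEST-5-... would sort after REQUEST-40-... and be reported, which is why a fixed number of digits in the prefix matters for wildcard loading.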