Looking ahead to CRS v3.0, one of the changes we are looking to make is to re-organize/rename the rules files themselves. We want to achieve the following:
1) Which HTTP transactional phase are the rules processing (Inbound Request or Outbound Response)?
2) Utilize a numeric naming convention so that anyone using Apache Include wild-carding (Include /path/to/crs/*.conf) will have the rules execute properly.
3) Group the rule files into categories of Protocol vs. Application issues.
4) Specify if the issues are attacks, data leakages or defects.

With these goals in mind, here is a new proposed rules file naming convention.

REQUEST-10-IP-REPUTATION.conf
REQUEST-20-PROTOCOL-POLICY.conf
REQUEST-30-APPLICATION-POLICY.conf
REQUEST-40-APPLICATION-ATTACKS-SQL-INJECTION.conf
...
RESPONSE-10-APPLICATION-DATA-LEAKAGE.conf
RESPONSE-20-APPLICATION-DEFECTS.conf

Thanks goes out to Josh Zlatin who helped me work through the rationale for these changes.

Let me know what you think or if you have comments for improvements.

--
Ryan Barnett
Researcher Lead
Trustwave - SpiderLabs
ModSecurity Project Lead
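The post relies on Apache processing wildcard `Include` matches in alphabetical order, so the scheme only works while lexical order equals the intended phase/numeric order. The following is an added example, not code from the post or from the CRS project: it parses names of the proposed `PHASE-NN-CATEGORY.conf` form, reproduces the order a wildcard `Include` would use, and flags the ways a file set can drift from the convention (a name that does not match, a reused prefix, or mixed prefix widths such as a `REQUEST-5-...` file, which sorts after `REQUEST-40-...`). The regular expression, the `RuleFile` type and the sample file lists are assumptions made for this example.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Set, Tuple

# Assumed grammar for the proposed convention: PHASE-NN-CATEGORY[-SUBCATEGORY...].conf
NAME_RE = re.compile(r"^(REQUEST|RESPONSE)-(\d+)-([A-Z0-9]+(?:-[A-Z0-9]+)*)\.conf$")
# Inbound request rules must run before outbound response rules.
PHASE_RANK = {"REQUEST": 0, "RESPONSE": 1}

# Constructed sample: the file names proposed in the post.
PROPOSED_FILES = [
    "REQUEST-10-IP-REPUTATION.conf",
    "REQUEST-20-PROTOCOL-POLICY.conf",
    "REQUEST-30-APPLICATION-POLICY.conf",
    "REQUEST-40-APPLICATION-ATTACKS-SQL-INJECTION.conf",
    "RESPONSE-10-APPLICATION-DATA-LEAKAGE.conf",
    "RESPONSE-20-APPLICATION-DEFECTS.conf",
]


@dataclass(frozen=True)
class RuleFile:
    name: str
    phase: str      # REQUEST (inbound) or RESPONSE (outbound)
    order: int      # numeric prefix fixing the position within the phase
    category: str   # e.g. "PROTOCOL-POLICY" or "APPLICATION-ATTACKS-SQL-INJECTION"


def parse_rule_file(name: str) -> Optional[RuleFile]:
    """Return a RuleFile for a name that follows the convention, else None."""
    m = NAME_RE.match(name)
    if not m:
        return None
    return RuleFile(name, m.group(1), int(m.group(2)), m.group(3))


def apache_include_order(names: List[str]) -> List[str]:
    """Order in which 'Include /path/to/crs/*.conf' processes the files: alphabetical."""
    return sorted(names)


def intended_order(names: List[str]) -> List[str]:
    """Order the convention intends: REQUEST before RESPONSE, numeric prefix ascending."""
    parsed = [parse_rule_file(n) for n in names]
    if any(p is None for p in parsed):
        raise ValueError("intended_order needs names that follow the convention")
    return [p.name for p in sorted(parsed, key=lambda p: (PHASE_RANK[p.phase], p.order, p.name))]


def check_convention(names: List[str]) -> List[str]:
    """Return human-readable problems; an empty list means the set loads as intended."""
    problems: List[str] = []
    parsed: List[RuleFile] = []
    for n in names:
        p = parse_rule_file(n)
        if p is None:
            problems.append(f"{n}: does not match PHASE-NN-CATEGORY.conf")
        else:
            parsed.append(p)

    # A reused prefix within one phase makes relative order depend on the category text.
    seen: Dict[Tuple[str, int], str] = {}
    for p in parsed:
        key = (p.phase, p.order)
        if key in seen:
            problems.append(f"{p.name}: reuses prefix {p.order} already used by {seen[key]}")
        else:
            seen[key] = p.name

    # Mixed prefix widths ("5" next to "40") break alphabetical == numeric ordering.
    widths: Set[int] = {len(p.name.split("-")[1]) for p in parsed}
    if len(widths) > 1:
        problems.append("numeric prefixes have mixed widths; zero-pad them to one width")

    if parsed:
        good = [p.name for p in parsed]
        if apache_include_order(good) != intended_order(good):
            problems.append("alphabetical Include order differs from the intended numeric order")
    return problems


if __name__ == "__main__":
    for problem in check_convention(PROPOSED_FILES) or ["proposed set is consistent"]:
        print(problem)
    # Constructed drift case: an un-padded prefix that sorts after REQUEST-40.
    for problem in check_convention(PROPOSED_FILES + ["REQUEST-5-EXAMPLE-POLICY.conf"]):
        print(problem)
```

Running the block reports the proposed set as consistent and lists the two problems the un-padded `REQUEST-5-EXAMPLE-POLICY.conf` name introduces: mixed prefix widths and an `Include` order that no longer matches the numeric one.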