New OWASP ModSecurity CRS Repo on GitHub - 
https://github.com/SpiderLabs/owasp-modsecurity-crs
Download latest rules here - 
https://github.com/SpiderLabs/owasp-modsecurity-crs/tarball/master

== CHANGES ==

Improvements:
* Started rule formatting update for better readability
* Added maturity and accuracy action data to each rule
* Updated rule revision (rev) action
* Added rule version (ver) action
* Added more regression tests (util/regression_tests/)
* Modified Rule ID 960342 to block large file attachments in phase:1
* Removed all PARANOID rule checks
* Added new Session Fixation rules

Bug Fixes:
* Fixed missing ending double-quotes in XSS rules file
* Moved SecDefaultAction setting from phase:2 to phase:1
* Fixed Session Hijacking SessionID Regex
  https://www.modsecurity.org/tracker/browse/CORERULES-79
* Changed the variable listing for many generic attack rules to exclude REQUEST_FILENAME
  https://www.modsecurity.org/tracker/browse/CORERULES-78


--
Ryan Barnett
Trustwave SpiderLabs
ModSecurity Project Leader
OWASP ModSecurity CRS Project Leader
