Hello,

I'm trying out the current OWASP core rule set and have some basic questions first
(no doubt lots more later!)

This article from 2010 about 'Anomaly Scoring' is referenced quite a lot:
http://blog.spiderlabs.com/2010/11/advanced-topic-of-the-week-traditional-vs-anomaly-scoring-detection-modes.html

In the article there are references to 'Anomaly Scoring' and to examples.
But in the 10_conf.example file things seem to have shifted somewhat in 2 years.
So am I correct that:
'Anomaly Scoring' has now become 'Collaborative Detection Scoring'?

Also in that article it mentions unblocking a rule at end of 
modsecurity_crs_49_inbound_blocking.conf
However doing that results in this error:
'Starting httpd: Syntax error on line 34 of 
/etc/httpd/modsecurity.d/modsecurity_crs_49_inbound_blocking.conf:'
'ModSecurity: No action id present within the rule'

I'm pretty sure I read that all rules now require an 'id' (?)
Incrementing by 1 from the rules above it to give id:981177 doesn't work:
'ModSecurity: Found another rule with the same id'

So what is the method to get an id for this rule? Or any other rule?

Thanks

Gene
_______________________________________________
Owasp-modsecurity-core-rule-set mailing list
Owasp-modsecurity-core-rule-set@lists.owasp.org
https://lists.owasp.org/mailman/listinfo/owasp-modsecurity-core-rule-set
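
An added example, not part of the original post or of the CRS: a small Python audit that reads ModSecurity rule text, reports SecRule/SecAction directives with no id and ids used more than once (the two errors quoted above), and picks an unused id. The sample rules are constructed, the function names are hypothetical, and the 1-99,999 local-use range is taken from the ModSecurity reference manual's description of the id action.

```python
import re

# Constructed sample config (not real CRS content): a chained rule, two rules
# sharing id 981177, one rule with no id, and a commented-out rule.
SAMPLE_CONF = r'''
SecRule TX:ANOMALY_SCORE "@gt 0" \
    "chain,phase:2,id:'981176',t:none,deny,log"
    SecRule TX:ANOMALY_SCORE_BLOCKING "@streq on"
SecRule TX:ANOMALY_SCORE "@ge 5" "phase:2,id:981177,t:none,pass,nolog"
SecRule TX:ANOMALY_SCORE "@ge 20" "phase:2,t:none,deny,log"
SecAction "phase:1,id:981177,nolog,pass"
# SecRule ARGS "@rx commented" "phase:2,deny"
'''

ID_RE = re.compile(r"(?:^|[,\s\"'])id\s*:\s*'?(\d+)'?")
CHAIN_RE = re.compile(r"(?:^|[,\s\"'])chain(?=[,\s\"']|$)")
LOCAL_RANGE = range(1, 100000)  # 1-99,999: local use (ModSecurity reference manual)

def logical_lines(text):
    """Yield (first_line_number, directive) with backslash continuations joined."""
    buf, start = "", None
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        start = start or n
        if line.endswith("\\"):
            buf += line[:-1] + " "
            continue
        yield start, buf + line
        buf, start = "", None

def audit(text):
    """Return (lines of rules missing an id, {duplicated id: [lines]}, all ids seen)."""
    seen, missing, in_chain = {}, [], False
    for n, d in logical_lines(text):
        if not re.match(r"Sec(Rule|Action)\b", d):
            continue  # comments, blank lines, other directives
        m = ID_RE.search(d)
        if m:
            seen.setdefault(int(m.group(1)), []).append(n)
        elif not in_chain:  # only the first rule of a chain carries the id
            missing.append(n)
        in_chain = bool(CHAIN_RE.search(d))
    dups = {i: ls for i, ls in seen.items() if len(ls) > 1}
    return missing, dups, set(seen)

def next_free_local_id(used):
    return next(i for i in LOCAL_RANGE if i not in used)
```

To check a real installation, pass `audit()` the concatenated text of every rule file the server loads, since ids must be unique across all of them.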
