It's because modsecurity 2.7 requires id on each rule but the CRS don't have ids on every rule. I'm unaware of a convention for choosing rule numbers, maybe just choose any id number that is not currently used.
On Mon, Nov 19, 2012 at 1:29 AM, Gene <gne...@yahoo.co.uk> wrote: > > > Hello, > > I'm trying out current OWASP core rule set and have some basic questions > first (no doubt lots more later!) > > This article from 2010 about 'Anomaly Scoring' is referenced quite a lot: > > http://blog.spiderlabs.com/2010/11/advanced-topic-of-the-week-traditional-vs-anomaly-scoring-detection-modes.html > > in the article there are references to 'Anomaly Scoring' and to examples > But in the 10_conf.example file things seem to have shifted somewhat in 2 > years > So am I correct that: > 'Anomaly Scoring' has now become 'Collaborative Detection Scoring' > > Also in that article it mentions unblocking a rule at end of > modsecurity_crs_49_inbound_blocking.conf > However doing that results in this error: > 'Starting httpd: Syntax error on line 34 of > /etc/httpd/modsecurity.d/modsecurity_crs_49_inbound_blocking.conf:' > 'ModSecurity: No action id present within the rule' > > I'm pretty sure I read that all rules now require an 'id' (?) > Incrementing by 1 from rules above it to give id:981177 doesnt work: > 'ModSecurity: Found another rule with the same id' > > So what is method to get an id for this rule? any other rule? > > thanks > > Gene > _______________________________________________ > Owasp-modsecurity-core-rule-set mailing list > Owasp-modsecurity-core-rule-set@lists.owasp.org > https://lists.owasp.org/mailman/listinfo/owasp-modsecurity-core-rule-set >
_______________________________________________ Owasp-modsecurity-core-rule-set mailing list Owasp-modsecurity-core-rule-set@lists.owasp.org https://lists.owasp.org/mailman/listinfo/owasp-modsecurity-core-rule-set
