From: Josh Amishav-Zlatin <jam...@gmail.com<mailto:jam...@gmail.com>> Date: Thursday, December 6, 2012 4:12 AM To: "ot...@ahhyes.net<mailto:ot...@ahhyes.net>" <ot...@ahhyes.net<mailto:ot...@ahhyes.net>> Cc: "owasp-modsecurity-core-rule-set@lists.owasp.org<mailto:owasp-modsecurity-core-rule-set@lists.owasp.org>" <owasp-modsecurity-core-rule-set@lists.owasp.org<mailto:owasp-modsecurity-core-rule-set@lists.owasp.org>> Subject: Re: [Owasp-modsecurity-core-rule-set] None of the SLR rules work.
On Thu, Dec 6, 2012 at 7:40 AM, <ot...@ahhyes.net<mailto:ot...@ahhyes.net>> wrote: I noticed someone else reported this issue to the mailing list in October: http://lists.owasp.org/pipermail/owasp-modsecurity-core-rule-set/2012-October/001228.html Why wasn't this replied to? This doesnt make me feel optimistic that anyone will be replying to my question either. Hi, Some of the SLR rules are missing id's, which was an oversight. I'm not sure if Ryan has some sort of system when assigning rule id's or if anyone can just assign an arbitrary unused id and submit the change for inclusion via git. -- - Josh The problem is that ModSecurity v2.7.x required rule IDs to be set and these older converted Snort/ET rules didn't have any assigned. I can go back through them to add them in. Essentially, we can just reuse the ET "sid" data. As an aside, I did send an email to the community asking if anyone was using these converted ET rules and not one responded… http://lists.owasp.org/pipermail/owasp-modsecurity-core-rule-set/2012-June/001091.html -Ryan Surely enough, I notice that all the SLR rules are missing id's, why is that? On 2012-12-06 15:32, ot...@ahhyes.net<mailto:ot...@ahhyes.net> wrote: Hi Guys, I am running ModSecurity v2.7.1 and ver.2.2.7 of the owasp ruleset (from the modsecurity website). I am not having any problems with the base ruleset, however if I try to include any of the SLR rules, they all error out. For example: Syntax error on line 17 of /usr/local/apache/conf/modsec_slr_rules/modsecurity_crs_46_slr_et_joomla_attacks.conf: ModSecurity: No action id present within the rule All of the rules under the SLR directory exhibit this issue. Googling has revealed cryptic and unhelpful results. Any ideas on what is causing the problem?? I have the CRS config setup for Anomaly scoring mode. Alex. _______________________________________________ Owasp-modsecurity-core-rule-set mailing list Owasp-modsecurity-core-rule-set@lists.owasp.org<mailto:Owasp-modsecurity-core-rule-set@lists.owasp.org> https://lists.owasp.org/mailman/listinfo/owasp-modsecurity-core-rule-set _______________________________________________ Owasp-modsecurity-core-rule-set mailing list Owasp-modsecurity-core-rule-set@lists.owasp.org<mailto:Owasp-modsecurity-core-rule-set@lists.owasp.org> https://lists.owasp.org/mailman/listinfo/owasp-modsecurity-core-rule-set ________________________________ This transmission may contain information that is privileged, confidential, and/or exempt from disclosure under applicable law. If you are not the intended recipient, you are hereby notified that any disclosure, copying, distribution, or use of the information contained herein (including any reliance thereon) is STRICTLY PROHIBITED. If you received this transmission in error, please immediately contact the sender and destroy the material in its entirety, whether in electronic or hard copy format.
_______________________________________________ Owasp-modsecurity-core-rule-set mailing list Owasp-modsecurity-core-rule-set@lists.owasp.org https://lists.owasp.org/mailman/listinfo/owasp-modsecurity-core-rule-set
