I had to write my own rule and disable the OWASP httpbl.org rule because httpbl.org has all of the search engine crawlers like MSNBot and Google Bot on the list but in the low threat levels like 3 and 10. Mine only blocks threat levels higher than 20 to prevent hosted sites from not being crawled by search engines. Why hasn't OWASP implemented a similar rule instead of blocking all? --
KEITH D. HOLLER _President/Senior Network Engineer_ AZCAPPY NETWORK SERVICES _Quality Network Services Since 1995_ Network Operations Center (NOC) Glendale, Arizona 85301, USA (623) 931-0809 Office (866) 931-0809 Toll Free BBB Accredited [1] Find us on Ethical Arizona [2] Find us on the web [3] Find us on Yelp [4] Find us on facebook [5] Find us on Twitter [6] Links: ------ [1] http://www.bbb.org/phoenix/business-reviews/internet-web-hosting/azcappy-network-services-in-glendale-az-1000036203 [2] http://www.ethicalaz.com/azcappynetworkservices [3] http://www.azcappy.com [4] http://www.yelp.com/biz/azcappy-network-services-glendale-2 [5] http://www.facebook.com/AzcappyNetworkServices [6] http://www.twitter.com/AZCAPPY
_______________________________________________ Owasp-modsecurity-core-rule-set mailing list Owasp-modsecurity-core-rule-set@lists.owasp.org https://lists.owasp.org/mailman/listinfo/owasp-modsecurity-core-rule-set
