I added this feature about two months back. See https://github.com/SpiderLabs/owasp-modsecurity-crs/blob/v3.0.0-dev/modsecurity_crs_10_setup.conf.example#L273-L294. It might be that you were not on OWASP CRS 3.0 or using an older version. It was a popular feature request. With the rule I pushed anyone can filter project honeypot blacklists by what type of threats they want blocked. Would this address your concerns or does it need something else?
Chaim Sanders Security Researcher, SpiderLabs Trustwave | SMART SECURITY ON DEMAND www.trustwave.com<http://www.trustwave.com/> From: owasp-modsecurity-core-rule-set-boun...@lists.owasp.org [mailto:owasp-modsecurity-core-rule-set-boun...@lists.owasp.org] On Behalf Of Keith D. Holler Sent: Monday, May 25, 2015 5:39 AM To: Owasp-modsecurity-core-rule-set@lists.owasp.org Subject: [Owasp-modsecurity-core-rule-set] httpbl.org blocking search engine web crawlers I had to write my own rule and disable the OWASP httpbl.org<http://scanmail.trustwave.com/?c=4062&d=8fLi1TJ50Z9Ztf-C3GjQN43FH6K3BsouWDTYu27XmA&s=5&u=http%3a%2f%2fhttpbl%2eorg> rule because httpbl.org<http://scanmail.trustwave.com/?c=4062&d=8fLi1TJ50Z9Ztf-C3GjQN43FH6K3BsouWDTYu27XmA&s=5&u=http%3a%2f%2fhttpbl%2eorg> has all of the search engine crawlers like MSNBot and Google Bot on the list but in the low threat levels like 3 and 10. Mine only blocks threat levels higher than 20 to prevent hosted sites from not being crawled by search engines. Why hasn't OWASP implemented a similar rule instead of blocking all? -- Keith D. Holler President/Senior Network Engineer AZCAPPY Network Services Quality Network Services Since 1995 Network Operations Center (NOC) Glendale, Arizona 85301, USA (623) 931-0809 Office (866) 931-0809 Toll Free BBB Accredited<http://scanmail.trustwave.com/?c=4062&d=8fLi1TJ50Z9Ztf-C3GjQN43FH6K3BsouWGHSvjTXlA&s=5&u=http%3a%2f%2fwww%2ebbb%2eorg%2fphoenix%2fbusiness-reviews%2finternet-web-hosting%2fazcappy-network-services-in-glendale-az-1000036203> Find us on Ethical Arizona<http://scanmail.trustwave.com/?c=4062&d=8fLi1TJ50Z9Ztf-C3GjQN43FH6K3BsouWGTa6WSGzw&s=5&u=http%3a%2f%2fwww%2eethicalaz%2ecom%2fazcappynetworkservices> Find us on the web<http://scanmail.trustwave.com/?c=4062&d=8fLi1TJ50Z9Ztf-C3GjQN43FH6K3BsouWGHdvmODyg&s=5&u=http%3a%2f%2fwww%2eazcappy%2ecom> Find us on Yelp<http://scanmail.trustwave.com/?c=4062&d=8fLi1TJ50Z9Ztf-C3GjQN43FH6K3BsouWDbc62CHzw&s=5&u=http%3a%2f%2fwww%2eyelp%2ecom%2fbiz%2fazcappy-network-services-glendale-2> Find us on facebook<http://scanmail.trustwave.com/?c=4062&d=8fLi1TJ50Z9Ztf-C3GjQN43FH6K3BsouWGHd5WPVzg&s=5&u=http%3a%2f%2fwww%2efacebook%2ecom%2fAzcappyNetworkServices> Find us on Twitter<http://scanmail.trustwave.com/?c=4062&d=8fLi1TJ50Z9Ztf-C3GjQN43FH6K3BsouWGbevjfWlA&s=5&u=http%3a%2f%2fwww%2etwitter%2ecom%2fAZCAPPY> ________________________________ This transmission may contain information that is privileged, confidential, and/or exempt from disclosure under applicable law. If you are not the intended recipient, you are hereby notified that any disclosure, copying, distribution, or use of the information contained herein (including any reliance thereon) is strictly prohibited. If you received this transmission in error, please immediately contact the sender and destroy the material in its entirety, whether in electronic or hard copy format.
_______________________________________________ Owasp-modsecurity-core-rule-set mailing list Owasp-modsecurity-core-rule-set@lists.owasp.org https://lists.owasp.org/mailman/listinfo/owasp-modsecurity-core-rule-set
