The installation instructions are exactly identical, simply drop the folder structure in an area readable by your web server, include the .conf files from httpd.conf or equivalent, and go through the recommended configuration file and configure your options. At this point in fact 3.0 is by a large margin the preferred ruleset as far as OWASP CRS is concerned. We have hesitated to push 3.0 to main branch for two reasons right now... 1) is that it requires 2.8 or greater in order to run (thanks to things like @detectxss)(only recently has 2.8 become available in things like yum/apt-get repos) and two it has known high(but less high then 2.x) false positives rate for SQL injection. We want to address these false positives before we push it to the master branch. Does that answer your questions?
From: <owasp-modsecurity-core-rule-set-boun...@lists.owasp.org<mailto:owasp-modsecurity-core-rule-set-boun...@lists.owasp.org>> on behalf of kause lotski <kause...@yahoo.com<mailto:kause...@yahoo.com>> Reply-To: kause lotski <kause...@yahoo.com<mailto:kause...@yahoo.com>> Date: Monday, September 14, 2015 at 2:19 PM To: "owasp-modsecurity-core-rule-set@lists.owasp.org<mailto:owasp-modsecurity-core-rule-set@lists.owasp.org>" <owasp-modsecurity-core-rule-set@lists.owasp.org<mailto:owasp-modsecurity-core-rule-set@lists.owasp.org>> Subject: [Owasp-modsecurity-core-rule-set] Using 3.0 ruleset Hi, as it seems 3.0 greatly improves extended character sets in unicode handling (false positives due to this characters), I would like to give it a try. But as structure has totally changed INSTALL instructions aren't correct anymore in 3.0 branch, can someone give me a quick guide? is there any ETA for 3.0 ? Regards, Kause ________________________________ This transmission may contain information that is privileged, confidential, and/or exempt from disclosure under applicable law. If you are not the intended recipient, you are hereby notified that any disclosure, copying, distribution, or use of the information contained herein (including any reliance thereon) is strictly prohibited. If you received this transmission in error, please immediately contact the sender and destroy the material in its entirety, whether in electronic or hard copy format.
_______________________________________________ Owasp-modsecurity-core-rule-set mailing list Owasp-modsecurity-core-rule-set@lists.owasp.org https://lists.owasp.org/mailman/listinfo/owasp-modsecurity-core-rule-set
