Thanks Chaim, thanks Christian. Gotcha. Will get back to you.
> On 07 Jan 2016, at 21:23, Christian Folini <christian.fol...@netnea.com> > wrote: > > >> Reading through the tasks it appears to me that a good part requires at >> least an intermediate understanding of ModSec and the CRS - >> even though comparing the two rulesets and documenting the project should be >> possible even for me; I’ll sign up for that as soon as I have access to the >> wiki. > > Pick something of your choice. If you are any good at drawing, > "Draw flowchart" would be a good choice. > "Write new stricter siblings for existing rules" should meet your > level of expertise just as well. You could start and play around > with 981173 immediately: copy the rule under a new ID and make > it stricter / paranoid. Once this is done, try and make sure a > uuid is no longer triggering the rule (-> whitelist uuid format > to circumvent the rule; this uuid false positive is a speciality > of 981173). > > More candidates will pop up as we progress. > > Best, > > Christian > >> >> I see myself more as additional “computing power”. So, if you need help with >> anything or got a task for me, let me know. >> Just answer right here or ping me at mail(at)noelzindel(dot)org. >> >> Regards, >> Noël >> >> >>> On 07 Jan 2016, at 08:54, Christian Folini <christian.fol...@netnea.com> >>> wrote: >>> >>> Dear all, >>> >>> As mentioned in my previous response to Walter, I got enough >>> feedback to form a little team to work on this. >>> >>> We created a wiki page on the OWASP wiki under the CRS >>> page: >>> >>> https://www.owasp.org/index.php/OWASP_ModSec_CRS_Paranoia_Mode >>> >>> I linked to this page from the main CRS page, where I introduced >>> a section about the upcoming 3.0.0 release. >>> >>> We will try and document our work on this new CRS mode on the >>> said wiki page. Technical discussions are supposed to be held >>> in public, likely on this mailinglist for future archiving. >>> >>> More helping hands are still welcome. You can can join >>> formally by sending me a message, or you can take part in the >>> discussions here or on the wiki. >>> >>> Cheers, >>> >>> Christian Folini >>> >>> >>> >>> -- >>> Those who would give up Essential Liberty to purchase a little >>> Temporary Safety, deserve neither Liberty nor Safety. >>> -- Benjamin Franklin >>> _______________________________________________ >>> Owasp-modsecurity-core-rule-set mailing list >>> Owasp-modsecurity-core-rule-set@lists.owasp.org >>> https://lists.owasp.org/mailman/listinfo/owasp-modsecurity-core-rule-set >> > > > > > _______________________________________________ > Owasp-modsecurity-core-rule-set mailing list > Owasp-modsecurity-core-rule-set@lists.owasp.org > https://lists.owasp.org/mailman/listinfo/owasp-modsecurity-core-rule-set
signature.asc
Description: Message signed with OpenPGP using GPGMail
_______________________________________________ Owasp-modsecurity-core-rule-set mailing list Owasp-modsecurity-core-rule-set@lists.owasp.org https://lists.owasp.org/mailman/listinfo/owasp-modsecurity-core-rule-set
