I’ve been reading through the documentation that comes with the latest CRS and I’m a little confused.
The bundled INSTALL file seems to suggest that modsecurity_crs_10_setup.conf should be installed in activated_rules and also in the directory beneath. Using both results in errors about duplicate id numbers. Which is correct? $ sudo ln -s /usr/local/apache/conf/crs/modsecurity_crs_10_setup.conf activated_rules/modsecurity_crs_10_setup.conf […] <IfModule security2_module> Include conf/crs/modsecurity_crs_10_setup.conf Include conf/crs/activated_rules/*.conf </IfModule> To my mind, the setup.conf files should come before all others, but if so then why number it *and* have it load after the optional ignore_static rules? Thanks, Richard -- http://www.jonze.com/privacy.html _______________________________________________ Owasp-modsecurity-core-rule-set mailing list Owasp-modsecurity-core-rule-set@lists.owasp.org https://lists.owasp.org/mailman/listinfo/owasp-modsecurity-core-rule-set
