Hey guys, The rule renumbering script (available in the repo at https://github.com/SpiderLabs/owasp-modsecurity-crs/tree/v3.0.0-rc1/id_renu mbering) takes in a csv that breaks down the changes in rule numbers. One can use that to easily change numbering. The goal was though that if you setup CRS correctly that you would only have to fix your exceptions file after updating :)
On 1/13/16, 4:42 AM, "owasp-modsecurity-core-rule-set-boun...@lists.owasp.org on behalf of Leos Rivas Manuel" <owasp-modsecurity-core-rule-set-boun...@lists.owasp.org on behalf of manuel.leosri...@gemalto.com> wrote: >Hello list, > >For upgrading from CRS 2.2.9 to 3.0 RC1 there is an >http://scanmail.trustwave.com/?c=4062&d=maKW1rV5uDoeLgplZxqhjraEVTyuxN3CT5 >YWh144-g&s=5&u=http%3a%2f%2fupdate%2epy script to renumber the rules, >does it includes all rule id changes already? > >If so just for comparison purposes running the script against the 2.2.9 >CRS will update the id numbers to match those in 3.0RC1, am I right? > >I'm working on doing a comparison of both rulesets to see what the >differences are. > >Regards, >Manuel > >-----Original Message----- >From: Christian Folini [mailto:christian.fol...@netnea.com] >Sent: vendredi 8 janvier 2016 18:12 >To: Leos Rivas Manuel >Subject: Re: CRS Paranoia Mode: Let's get going > >Hello Leos, > >I knew Chaim planned to do an re-numbering, but he was faster than I >anticipated. > >If you do not mind, then let's discuss this on the mailinglist. >Ask the question there and we'll if Chaim or the others have anything to >add. I had two people thinking about hooking up last night... > >Ahoj, > >Christian > >-- >In war you will generally find that the enemy has at any time three >courses of action open to him. Of those three, he will invariably choose >the fourth. >-- Helmuth Von Moltke >________________________________ > This message and any attachments are intended solely for the addressees >and may contain confidential information. Any unauthorized use or >disclosure, either whole or partial, is prohibited. >E-mails are susceptible to alteration. Our company shall not be liable >for the message if altered, changed or falsified. If you are not the >intended recipient of this message, please delete it and notify the >sender. >Although all reasonable efforts have been made to keep this transmission >free from viruses, the sender will not be liable for damages caused by a >transmitted virus. >_______________________________________________ >Owasp-modsecurity-core-rule-set mailing list >Owasp-modsecurity-core-rule-set@lists.owasp.org >http://scanmail.trustwave.com/?c=4062&d=maKW1rV5uDoeLgplZxqhjraEVTyuxN3CT8 >JD2lw_oQ&s=5&u=https%3a%2f%2flists%2eowasp%2eorg%2fmailman%2flistinfo%2fow >asp-modsecurity-core-rule-set ________________________________ This transmission may contain information that is privileged, confidential, and/or exempt from disclosure under applicable law. If you are not the intended recipient, you are hereby notified that any disclosure, copying, distribution, or use of the information contained herein (including any reliance thereon) is strictly prohibited. If you received this transmission in error, please immediately contact the sender and destroy the material in its entirety, whether in electronic or hard copy format. _______________________________________________ Owasp-modsecurity-core-rule-set mailing list Owasp-modsecurity-core-rule-set@lists.owasp.org https://lists.owasp.org/mailman/listinfo/owasp-modsecurity-core-rule-set
