Hey guys, I was going to replace it with a link to the documentation which has the script and csv in it so that we keep things straight. Additionally, if you added custom rules you hopefully didn't add them in within the OWASP CRS rules range so you'll have nothing to worry about :-D
From: <owasp-modsecurity-core-rule-set-boun...@lists.owasp.org<mailto:owasp-modsecurity-core-rule-set-boun...@lists.owasp.org>> on behalf of Leos Rivas Manuel <manuel.leosri...@gemalto.com<mailto:manuel.leosri...@gemalto.com>> Date: Thursday, January 14, 2016 at 12:50 AM To: Christian Folini <christian.fol...@netnea.com<mailto:christian.fol...@netnea.com>>, "owasp-modsecurity-core-rule-set@lists.owasp.org<mailto:owasp-modsecurity-core-rule-set@lists.owasp.org>" <owasp-modsecurity-core-rule-set@lists.owasp.org<mailto:owasp-modsecurity-core-rule-set@lists.owasp.org>> Subject: Re: [Owasp-modsecurity-core-rule-set] Renumbering RuleIDs (was: Re: CRS Paranoia Mode: Let's get going) I agree, plus if you have a bunch of custom rules you will suffer to do the renumbering yourself. I made a quick check and apparently there are no collisions in the id's but that doesn't include any possible custom rule out there so a warning must be included. Regards, Manuel -------- Original message -------- From: Christian Folini <christian.fol...@netnea.com<mailto:christian.fol...@netnea.com>> Date: 14/01/2016 06:43 (GMT+01:00) To: owasp-modsecurity-core-rule-set@lists.owasp.org<mailto:owasp-modsecurity-core-rule-set@lists.owasp.org> Subject: Re: [Owasp-modsecurity-core-rule-set] Renumbering RuleIDs (was: Re: CRS Paranoia Mode: Let's get going) Chaim, Does the renumbering script point out the rules which have been removed from the CRS, or will exception rules continue to linger? https://github.com/SpiderLabs/owasp-modsecurity-crs/blob/v3.0.0-rc1/id_renumbering/IDNUMBERING<http://scanmail.trustwave.com/?c=4062&d=5ryX1oXjl8_sZMA7_QE2YX_sWuue3GkoEUjsqH4BPQ&s=5&u=https%3a%2f%2fgithub%2ecom%2fSpiderLabs%2fowasp-modsecurity-crs%2fblob%2fv3%2e0%2e0-rc1%2fid%5frenumbering%2fIDNUMBERING> states "This README and associated idNumbering.csv will be removed when this branch is promoted to master." Why is that? Would not people use the csv and the renumbering script once 3.0.0 comes out and they want to migrate to 3.0.0? Ahoj, Christian -- It is not power that corrupts but fear. Fear of losing power corrupts those who wield it and fear of the scourge of power corrupts those who are subject to it. -- Aung San Suu Kyi _______________________________________________ Owasp-modsecurity-core-rule-set mailing list Owasp-modsecurity-core-rule-set@lists.owasp.org<mailto:Owasp-modsecurity-core-rule-set@lists.owasp.org> https://lists.owasp.org/mailman/listinfo/owasp-modsecurity-core-rule-set<http://scanmail.trustwave.com/?c=4062&d=5ryX1oXjl8_sZMA7_QE2YX_sWuue3GkoEUTu83hSYA&s=5&u=https%3a%2f%2flists%2eowasp%2eorg%2fmailman%2flistinfo%2fowasp-modsecurity-core-rule-set> ________________________________ This message and any attachments are intended solely for the addressees and may contain confidential information. Any unauthorized use or disclosure, either whole or partial, is prohibited. E-mails are susceptible to alteration. Our company shall not be liable for the message if altered, changed or falsified. If you are not the intended recipient of this message, please delete it and notify the sender. Although all reasonable efforts have been made to keep this transmission free from viruses, the sender will not be liable for damages caused by a transmitted virus. ________________________________ This transmission may contain information that is privileged, confidential, and/or exempt from disclosure under applicable law. If you are not the intended recipient, you are hereby notified that any disclosure, copying, distribution, or use of the information contained herein (including any reliance thereon) is strictly prohibited. If you received this transmission in error, please immediately contact the sender and destroy the material in its entirety, whether in electronic or hard copy format.
_______________________________________________ Owasp-modsecurity-core-rule-set mailing list Owasp-modsecurity-core-rule-set@lists.owasp.org https://lists.owasp.org/mailman/listinfo/owasp-modsecurity-core-rule-set
