Hi Christian, Thanks, that’s a nice torrent of mail you sent there! :) I’ll have time to look at the rules next weekend, although maybe I’ll sneak in a few replies before that.
Before making a good judgement call on SQLi and XSS related rules, I still need to know a bit more about libinjection. We should recommend moving a rule into paranoia if its cost is too high relative to its benefit. But, for SQLi and XSS rules, this depends on libinjection, which I haven't really exercised yet. If libinjection in itself already has a high sensitivity, the benefits of the regexp-based rules will become lower. After all, an attack will then likely already be flagged without those rules. In that case, we could move rules from normal to paranoid mode, or dismiss currently removed rules, much more easily. I don't quite have a good feel for this factor yet, so I really want to launch some tests against it, but it will probably be Saturday before I have the time to do that.

Cheers! WH

--
Walter Hop | PGP key: https://lifeforms.nl/pgp
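To make the trade-off above concrete: in ModSecurity the libinjection check is exposed as the @detectSQLi / @detectXSS operators, while the older signatures are @rx rules. The fragment below is an added illustration, not code from the CRS project or from the message's author. It shows a libinjection SQLi rule kept at the base paranoia level and a regex SQLi rule gated so that it only runs at paranoia level 2 or higher, using the CRS convention of skipping over a block of rules when tx.paranoia_level is too low. The rule IDs (10001-10003), the marker name END-SQLI-PL2 and the UNION SELECT regex are hypothetical placeholders, not real CRS rule IDs or patterns.

```apache
# Added example (not CRS code). Rule IDs, marker name and the regex are hypothetical.

# The paranoia level is normally set in the CRS setup file; 1 is the default.
SecAction "id:10001,phase:1,nolog,pass,t:none,setvar:tx.paranoia_level=1"

# --- Paranoia level 1: libinjection-based detection stays in the base set ---
# @detectSQLi tokenises the input and matches it against libinjection's
# SQLi fingerprints, so it catches most obvious injections without a regex.
SecRule REQUEST_COOKIES|REQUEST_COOKIES_NAMES|ARGS_NAMES|ARGS|XML:/* \
    "@detectSQLi" \
    "id:10002,\
    phase:2,\
    block,\
    t:none,t:utf8toUnicode,t:urlDecodeUni,t:removeNulls,\
    msg:'SQL Injection Attack Detected via libinjection',\
    logdata:'Matched Data: %{TX.0} found within %{MATCHED_VAR_NAME}: %{MATCHED_VAR}',\
    tag:'paranoia-level/1',\
    severity:'CRITICAL',\
    setvar:'tx.sql_injection_score=+%{tx.critical_anomaly_score}',\
    setvar:'tx.anomaly_score=+%{tx.critical_anomaly_score}'"

# --- Paranoia level 2 gate: skip the regex rules when the level is below 2 ---
SecRule TX:PARANOIA_LEVEL "@lt 2" \
    "id:10003,phase:2,pass,nolog,skipAfter:END-SQLI-PL2"

# A regex rule that largely overlaps with what libinjection already flags.
# Because it costs a regex evaluation per argument and mostly duplicates the
# libinjection hit, it is moved out of the base set into paranoia level 2.
SecRule ARGS|ARGS_NAMES|REQUEST_COOKIES \
    "@rx (?i:union\s+(?:all\s+|distinct\s+)?select\b)" \
    "id:10004,\
    phase:2,\
    block,\
    t:none,t:urlDecodeUni,t:compressWhitespace,\
    msg:'SQL Injection Attack: UNION SELECT keyword (regex)',\
    logdata:'Matched Data: %{TX.0} found within %{MATCHED_VAR_NAME}: %{MATCHED_VAR}',\
    tag:'paranoia-level/2',\
    severity:'CRITICAL',\
    setvar:'tx.sql_injection_score=+%{tx.critical_anomaly_score}',\
    setvar:'tx.anomaly_score=+%{tx.critical_anomaly_score}'"

SecMarker END-SQLI-PL2
```

A practical way to measure the "sensitivity" question raised above is to run a payload corpus (for example a set of known-SQLi strings plus benign traffic samples) through the engine twice, once with only the @detectSQLi rule enabled and once with both rules, and compare the audit log: every payload the regex rule matches that libinjection already matched is a candidate for a higher paranoia level, while payloads only the regex catches are the argument for keeping it at the base level.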
_______________________________________________
Owasp-modsecurity-core-rule-set mailing list
Owasp-modsecurity-core-rule-set@lists.owasp.org
https://lists.owasp.org/mailman/listinfo/owasp-modsecurity-core-rule-set