Thanks Chaim and Lukas! I got positive feedback via private messages too.
The one question, where I am still unsure (and the feedback / criticism is also split) is the question of the good integer range for the paranoia level. 0-4 or rather 0-40. Still not sure. Thoughts on this question are thus very welcome. Ahoj, Christian On Mon, Feb 08, 2016 at 02:31:47PM +0000, Chaim Sanders wrote: > Good writeup Christian! > > On 2/8/16, 2:59 AM, > "owasp-modsecurity-core-rule-set-boun...@lists.owasp.org on behalf of > Funk, Lukas" <owasp-modsecurity-core-rule-set-boun...@lists.owasp.org on > behalf of lukas.f...@united-security-providers.ch> wrote: > > >Hi Christian and all, > > > >I follow the discussion about the paranoia mode with great interest. I > >think it could be a good starting point for ModSecurity users which do > >not have the expert knowledge of the rules. > > > >Looking at your proposed structure of the paranoia mode setup, I think > >it's on a good track. The structure is easy to understand! > >Unfortunately I can't comment the different rules, as I don't have much > >experience with them. > > > >Thanks to all of you putting such great effort to the CRS and I'm really > >looking forward to version 3! > > > >Cheers, Lukas > > > > > >>> Dear all, > >>> > >>> With the progress we are making on the rules front, it is time to talk > >>>about > >>> the way it could be implemented. > >>> It's time for the show-me-the-code. He you go: > >>> > >>> > >>>http://scanmail.trustwave.com/?c=4062&d=tN-41hG4qCjBMKf0XEE90boFBx23NXMA > >>>8kit7zcE9Q&s=5&u=https%3a%2f%2fwww%2enetnea%2ecom%2fcms%2f2016%2f02%2f04 > >>>%2fowasp-modsecurity-core-rules- > >>> paranoia-mode-mechanics-proposal/ > >>> > >>> Feedback welcome! > >>> > >>> Christian > > > ________________________________ > > This transmission may contain information that is privileged, confidential, > and/or exempt from disclosure under applicable law. If you are not the > intended recipient, you are hereby notified that any disclosure, copying, > distribution, or use of the information contained herein (including any > reliance thereon) is strictly prohibited. If you received this transmission > in error, please immediately contact the sender and destroy the material in > its entirety, whether in electronic or hard copy format. > _______________________________________________ > Owasp-modsecurity-core-rule-set mailing list > Owasp-modsecurity-core-rule-set@lists.owasp.org > https://lists.owasp.org/mailman/listinfo/owasp-modsecurity-core-rule-set -- mailto:christian.fol...@netnea.com http://www.christian-folini.ch twitter: @ChrFolini
signature.asc
Description: Digital signature
_______________________________________________ Owasp-modsecurity-core-rule-set mailing list Owasp-modsecurity-core-rule-set@lists.owasp.org https://lists.owasp.org/mailman/listinfo/owasp-modsecurity-core-rule-set
