Thanks Noel! I will say @Christian that every time we leave space we never end up using the space we leave I¹d vote for just 0-4, but it is just one mans opinion.
On 2/8/16, 11:20 PM, "owasp-modsecurity-core-rule-set-boun...@lists.owasp.org on behalf of Noël Zindel" <owasp-modsecurity-core-rule-set-boun...@lists.owasp.org on behalf of m...@noelzindel.org> wrote: >Hi everyone, > >let me chime in on this. > >From a newbie perspective, I¹d argue, the 0-4 definition would make sense >since it would be a logical choice. >You should be able to easily distinct between the paranoia rating and the >anomaly rating through the latter¹s variable-definition e.g. warning, >critical, Š > >Nevertheless, Christian¹s argument ³If we leave some room between the >numbers, we have room to fill them in the future.² favours 0-40. >At least for me, since I like the idea of planning way ahead. > >So, from my point of view, a range of 0-40 would be the favourable >choice. But, it¹s arbitrary nature would require a well-curated >documentation. > >It¹s good to see the community¹s commitment on this and I hope to be of >any help. > >Cheers, >Noël > >> On 08 Feb 2016, at 22:12, Christian Folini >><christian.fol...@netnea.com> wrote: >> >> Thanks Chaim and Lukas! >> >> I got positive feedback via private messages too. >> >> The one question, where I am still unsure (and the >> feedback / criticism is also split) is the question >> of the good integer range for the paranoia level. >> 0-4 or rather 0-40. >> >> Still not sure. >> >> Thoughts on this question are thus very welcome. >> >> Ahoj, >> >> Christian >> >> >> On Mon, Feb 08, 2016 at 02:31:47PM +0000, Chaim Sanders wrote: >>> Good writeup Christian! >>> >>> On 2/8/16, 2:59 AM, >>> "owasp-modsecurity-core-rule-set-boun...@lists.owasp.org on behalf of >>> Funk, Lukas" <owasp-modsecurity-core-rule-set-boun...@lists.owasp.org >>>on >>> behalf of lukas.f...@united-security-providers.ch> wrote: >>> >>>> Hi Christian and all, >>>> >>>> I follow the discussion about the paranoia mode with great interest. I >>>> think it could be a good starting point for ModSecurity users which do >>>> not have the expert knowledge of the rules. >>>> >>>> Looking at your proposed structure of the paranoia mode setup, I think >>>> it's on a good track. The structure is easy to understand! >>>> Unfortunately I can't comment the different rules, as I don't have >>>>much >>>> experience with them. >>>> >>>> Thanks to all of you putting such great effort to the CRS and I'm >>>>really >>>> looking forward to version 3! >>>> >>>> Cheers, Lukas >>>> >>>> >>>>>> Dear all, >>>>>> >>>>>> With the progress we are making on the rules front, it is time to >>>>>>talk >>>>>> about >>>>>> the way it could be implemented. >>>>>> It's time for the show-me-the-code. He you go: >>>>>> >>>>>> >>>>>> >>>>>>http://scanmail.trustwave.com/?c=4062&d=tN-41hG4qCjBMKf0XEE90boFBx23N >>>>>>XMA >>>>>> >>>>>>8kit7zcE9Q&s=5&u=https%3a%2f%2fwww%2enetnea%2ecom%2fcms%2f2016%2f02%2 >>>>>>f04 >>>>>> %2fowasp-modsecurity-core-rules- >>>>>> paranoia-mode-mechanics-proposal/ >>>>>> >>>>>> Feedback welcome! >>>>>> >>>>>> Christian >>> >>> >>> ________________________________ >>> >>> This transmission may contain information that is privileged, >>>confidential, and/or exempt from disclosure under applicable law. If >>>you are not the intended recipient, you are hereby notified that any >>>disclosure, copying, distribution, or use of the information contained >>>herein (including any reliance thereon) is strictly prohibited. If you >>>received this transmission in error, please immediately contact the >>>sender and destroy the material in its entirety, whether in electronic >>>or hard copy format. >>> _______________________________________________ >>> Owasp-modsecurity-core-rule-set mailing list >>> Owasp-modsecurity-core-rule-set@lists.owasp.org >>> >>>http://scanmail.trustwave.com/?c=4062&d=kvC51uiCoFG6D9Z7NWTJ-HkiUDGrZPVd >>>MSLLMAERYA&s=5&u=https%3a%2f%2flists%2eowasp%2eorg%2fmailman%2flistinfo% >>>2fowasp-modsecurity-core-rule-set >> >> -- >> mailto:christian.fol...@netnea.com >> >>http://scanmail.trustwave.com/?c=4062&d=kvC51uiCoFG6D9Z7NWTJ-HkiUDGrZPVdM >>SeebAdKbQ&s=5&u=http%3a%2f%2fwww%2echristian-folini%2ech >> twitter: @ChrFolini >> _______________________________________________ >> Owasp-modsecurity-core-rule-set mailing list >> Owasp-modsecurity-core-rule-set@lists.owasp.org >> >>http://scanmail.trustwave.com/?c=4062&d=kvC51uiCoFG6D9Z7NWTJ-HkiUDGrZPVdM >>SLLMAERYA&s=5&u=https%3a%2f%2flists%2eowasp%2eorg%2fmailman%2flistinfo%2f >>owasp-modsecurity-core-rule-set > ________________________________ This transmission may contain information that is privileged, confidential, and/or exempt from disclosure under applicable law. If you are not the intended recipient, you are hereby notified that any disclosure, copying, distribution, or use of the information contained herein (including any reliance thereon) is strictly prohibited. If you received this transmission in error, please immediately contact the sender and destroy the material in its entirety, whether in electronic or hard copy format. _______________________________________________ Owasp-modsecurity-core-rule-set mailing list Owasp-modsecurity-core-rule-set@lists.owasp.org https://lists.owasp.org/mailman/listinfo/owasp-modsecurity-core-rule-set
