Lukas,

On Tue, Feb 09, 2016 at 03:35:49PM +0000, Funk, Lukas wrote:
> I was just having another look into the AuditConsole and stumbled over this
> screenshot:
> https:/gith/jwall.org/web/audit/console/screenshots/event-view2.png
>
> What caught my eye was in the Rules Section "setvar:tx.paranoid_mode=0" and
> it made me curious what that is.
> I could find anything in the latest CRS and also nothing in older version in
> the GitHub repo...

It is an artefact from an older version. It is so old, it is not even on github (core rules were maintained on a subversion server before) anymore.

There is a minimal trace of this functionality in 2.2.X in the file modsecurity_crs_20_protocol_violations.conf. Unfortunately, I do not remember if it was in use with a wider set of rules.

I seem to remember it being introduced by Ryan Barnett as a means to get tougher rules into the core ruleset. But I never saw anybody use the mode and AFAIK Ryan did not pursue this, so it disappeared at a given moment. I'd say the reason was lack of use. It was not of much use in my eyes because the concept was developed far enough.

This time, the use concept is very clear and we are also providing documentation and a guide to decide if it is worth the effort.

Hope this helps!

Christian

--
If you shut your door to all errors truth will be shut out.
--- Rabindranath Tagore