Hi Christian,

That was used back a few years ago to either do full inspection or just inspect a few things or tighten some settings like this one:

SecRule TX:PARANOID_MODE "@eq 1" "chain,phase:2,rev:'2.1.2',block,msg:'Invalid character in request',id:'960018',tag:'PROTOCOL_VIOLATION/EVASION',tag:'WASCTC/WASC-28',tag:'OWASP_TOP_10/A1',tag:'OWASP_AppSensor/CIE3',tag:'PCI/6.5.2',severity:'4',t:none,t:urlDecodeUni,tag:'http://i-technica.com/whitestuff/asciichart.html'"
    SecRule REQUEST_URI|REQUEST_BODY|REQUEST_HEADERS_NAMES|REQUEST_HEADERS|!REQUEST_HEADERS:Referer|TX:HPP_DATA \
        "@validateByteRange 32-126" \

-----Original Message-----
From: owasp-modsecurity-core-rule-set-boun...@lists.owasp.org [mailto:owasp-modsecurity-core-rule-set-boun...@lists.owasp.org] On Behalf Of Christian Folini
Sent: Tuesday, February 9, 2016 20:29
To: Funk, Lukas
Cc: Owasp-modsecurity-core-rule-set@lists.owasp.org
Subject: Re: [Owasp-modsecurity-core-rule-set] Paranoid vs. Paranoia Mode

Lukas,

On Tue, Feb 09, 2016 at 03:35:49PM +0000, Funk, Lukas wrote:
> I was just having another look into the AuditConsole and stumbled over
> this screenshot:
> https:/gith/jwall.org/web/audit/console/screenshots/event-view2.png
>
> What caught my eye was in the Rules Section "setvar:tx.paranoid_mode=0" and
> it made me curious what that is.
> I could find anything in the latest CRS and also nothing in older versions in
> the GitHub repo...

It is an artefact from an older version. It is so old, it is not even on github (core rules were maintained on a subversion server before) anymore. There is a minimal trace of this functionality in 2.2.X in the file modsecurity_crs_20_protocol_violations.conf. Unfortunately, I do not remember if it was in use with a wider set of rules.

I seem to remember it being introduced by Ryan Barnett as a means to get tougher rules into the core ruleset. But I never saw anybody use the mode and AFAIK Ryan did not pursue this, so it disappeared at a given moment. I'd say the reason was lack of use. It was not of much use in my eyes because the concept was developed far enough.
This time, the use concept is very clear and we are also providing documentation and a guide to decide if it is worth the effort.

Hope this helps!

Christian

--
If you shut your door to all errors truth will be shut out.
--- Rabindranath Tagore
_______________________________________________
Owasp-modsecurity-core-rule-set mailing list
Owasp-modsecurity-core-rule-set@lists.owasp.org
https://lists.owasp.org/mailman/listinfo/owasp-modsecurity-core-rule-set