Hi there,
It seems I overlooked this candidate, where Franziska said she is unsure
whether we should blog certain countries in a default installation or
not.
The rule does:
SecRule GEO:COUNTRY_CODE "@pm %{tx.high_risk_country_codes}"
With tx.high_risk_country_codes being set to
"UA ID YU LT EG RO BG TR RU PK MY CN"
in modsecurity_crs_10_setup.conf.example.
Depending on your location, requests from the given set of
countried may be desired and not potential attacks. So I think
Franziska has a point.
One resolution would be to leave the rule where it is, but comment
out the definition of the variable in modsecurity_crs_10_setup.conf.example
and provide multiple default variants in the comments.
That could also be performed in combination with the move to
the paranoia mode.
Opinions?
Christian
--
The problem is, if you're not a hacker,
you can't tell who the good hackers are.
--- Paul Graham
_______________________________________________
Owasp-modsecurity-core-rule-set mailing list
Owasp-modsecurity-core-rule-set@lists.owasp.org
https://lists.owasp.org/mailman/listinfo/owasp-modsecurity-core-rule-set
