On 14 Feb 2016, at 13:42, Christian Folini <christian.fol...@netnea.com> wrote: > > If we have most rules at paranoia level 1 and default is > paranoia level 1. Should this rule be a 1 with additional > whitelisting of FPs, or should we assign it a paranoia > level of 2? > > I'm OK with both options.
OK. Still a hard call but if we set default paranoia level at 1 (sounds good to me) I would say this rule should start at a level of 2. I was thinking out loud about the principle of CRSv2 users since they might expect this rule to stay. But we should document clearly somewhere what the benefits and drawbacks of the levels are. (Maybe it’s time to start a CHANGES document in the source tree?) -- Walter Hop | PGP key: https://lifeforms.nl/pgp
_______________________________________________ Owasp-modsecurity-core-rule-set mailing list Owasp-modsecurity-core-rule-set@lists.owasp.org https://lists.owasp.org/mailman/listinfo/owasp-modsecurity-core-rule-set
