In general I like to assume that if people are going to get caught by
something blocking unintentionally it will be a configuration from the
configuration file, as they are supposed to be reading those :-). I
honestly haven¹t heard many complaints about this feature and as a result
I¹d probably leave it enabled as it as sad as it is, is fairly effective.
On 2/13/16, 12:30 AM,
"owasp-modsecurity-core-rule-set-boun...@lists.owasp.org on behalf of
Christian Folini" <owasp-modsecurity-core-rule-set-boun...@lists.owasp.org
on behalf of christian.fol...@netnea.com> wrote:
>Hi there,
>
>It seems I overlooked this candidate, where Franziska said she is unsure
>whether we should blog certain countries in a default installation or
>not.
>
>The rule does:
> SecRule GEO:COUNTRY_CODE "@pm %{tx.high_risk_country_codes}"
>
>With tx.high_risk_country_codes being set to
>"UA ID YU LT EG RO BG TR RU PK MY CN"
>in modsecurity_crs_10_setup.conf.example.
>
>Depending on your location, requests from the given set of
>countried may be desired and not potential attacks. So I think
>Franziska has a point.
>
>One resolution would be to leave the rule where it is, but comment
>out the definition of the variable in
>modsecurity_crs_10_setup.conf.example
>and provide multiple default variants in the comments.
>That could also be performed in combination with the move to
>the paranoia mode.
>
>Opinions?
>
>Christian
>
>
>--
>The problem is, if you're not a hacker,
>you can't tell who the good hackers are.
>--- Paul Graham
>_______________________________________________
>Owasp-modsecurity-core-rule-set mailing list
>Owasp-modsecurity-core-rule-set@lists.owasp.org
>http://scanmail.trustwave.com/?c=4062&d=5sS-1i1jGNzLWl4_4Oku6bhM-zSgEVOp-i
>xlzEmHDg&s=5&u=https%3a%2f%2flists%2eowasp%2eorg%2fmailman%2flistinfo%2fow
>asp-modsecurity-core-rule-set
________________________________
This transmission may contain information that is privileged, confidential,
and/or exempt from disclosure under applicable law. If you are not the intended
recipient, you are hereby notified that any disclosure, copying, distribution,
or use of the information contained herein (including any reliance thereon) is
strictly prohibited. If you received this transmission in error, please
immediately contact the sender and destroy the material in its entirety,
whether in electronic or hard copy format.
_______________________________________________
Owasp-modsecurity-core-rule-set mailing list
Owasp-modsecurity-core-rule-set@lists.owasp.org
https://lists.owasp.org/mailman/listinfo/owasp-modsecurity-core-rule-set
