I think the source is an article from 2003, which explains why Yugoslavia is in the list: http://citeseerx.ist.psu.edu/viewdoc/download;jsessionid=2A684B6B2B6E99D03F578D3296E05483?doi=10.1.1.198.9996&rep=rep1&type=pdf
(Just to correct, I didn’t want to keep the rule enabled by default, but instead I’d rather comment it as an example.)

> On 15 Feb 2016, at 21:55, iul...@sphere.ro wrote:
>
> Dears,
>
> I am just wondering on what basis you are considering these countries to be potentially risky?
>
> Even if those are risky simply putting these on default will be a mistake. Most people don't read the configuration file or don't fully understand every feature and just stick with the default configuration.
>
> If you want advanced protection then you are forced to make changes or even make your own rules.
>
> Best regards,
> Iulian
>
> On February 15, 2016 10:17:35 PM GMT+02:00, Christian Folini <christian.fol...@netnea.com> wrote:
> > Chaim,
> >
> > I see you and Walter agreeing on the idea to keep the rule around in standard mode. I would probably still comment out the default country list - but that's a different question.
> >
> > I've removed the rule from the list of paranoia candidates.
> >
> > Btw: The country list involves China, but the documentation does not name China (but all the other countries).
> >
> > Cheers,
> >
> > Christian
> >
> > On Mon, Feb 15, 2016 at 04:19:44AM +0000, Chaim Sanders wrote:
> > > In general I like to assume that if people are going to get caught by something blocking unintentionally it will be a configuration from the configuration file, as they are supposed to be reading those :-). I honestly haven't heard many complaints about this feature and as a result I'd probably leave it enabled as it, as sad as it is, is fairly effective.
> > >
> > > On 2/13/16, 12:30 AM, "owasp-modsecurity-core-rule-set-boun...@lists.owasp.org on behalf of Christian Folini" <owasp-modsecurity-core-rule-set-boun...@lists.owasp.org on behalf of christian.fol...@netnea.com> wrote:
> > > > Hi there,
> > > >
> > > > It seems I overlooked this candidate, where Franziska said she is unsure whether we should block certain countries in a default installation or not.
> > > >
> > > > The rule does:
> > > >   SecRule GEO:COUNTRY_CODE "@pm %{tx.high_risk_country_codes}"
> > > >
> > > > With tx.high_risk_country_codes being set to
> > > >   "UA ID YU LT EG RO BG TR RU PK MY CN"
> > > > in modsecurity_crs_10_setup.conf.example.
> > > >
> > > > Depending on your location, requests from the given set of countries may be desired and not potential attacks. So I think Franziska has a point.
> > > >
> > > > One resolution would be to leave the rule where it is, but comment out the definition of the variable in modsecurity_crs_10_setup.conf.example and provide multiple default variants in the comments. That could also be performed in combination with the move to the paranoia mode.
> > > >
> > > > Opinions?
> > > >
> > > > Christian
> > > >
> > > > --
> > > > The problem is, if you're not a hacker,
> > > > you can't tell who the good hackers are.
> > > > --- Paul Graham

--
Walter Hop | PGP key: https://lifeforms.nl/pgp
_______________________________________________
Owasp-modsecurity-core-rule-set mailing list
Owasp-modsecurity-core-rule-set@lists.owasp.org
https://lists.owasp.org/mailman/listinfo/owasp-modsecurity-core-rule-set
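
Added example (not part of the original thread and not CRS project code): a dry run of the country list quoted above against an access log, reporting how many requests the default list would have blocked and which list entries are withdrawn ISO 3166-1 codes such as YU. The log format with a pre-resolved country code, the sample lines, and all function names are assumptions constructed for illustration.

```python
from collections import Counter

# Default list as quoted in the thread (modsecurity_crs_10_setup.conf.example).
HIGH_RISK = "UA ID YU LT EG RO BG TR RU PK MY CN".split()

# ISO 3166-1 alpha-2 codes that have been withdrawn. Assumption: a current
# GeoIP database no longer returns these, so they are dead list entries.
WITHDRAWN = {"YU", "CS", "AN", "ZR", "TP"}

# Constructed sample log: "<client ip> <country code> <method> <path>".
# "-" marks a failed GeoIP lookup. IPs are documentation ranges.
SAMPLE_LOG = """\
198.51.100.7 RO GET /shop/cart
198.51.100.8 RO GET /shop/checkout
203.0.113.20 DE GET /
203.0.113.21 CN GET /wp-login.php
192.0.2.14 RO POST /shop/pay
192.0.2.15 US GET /
192.0.2.16 - GET /health
"""


def dry_run(log_text, blocklist=HIGH_RISK):
    """Return (total requests, Counter of would-be blocks, stale codes)."""
    codes = {c.upper() for c in blocklist}
    total = 0
    blocked = Counter()
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) < 2:
            continue  # skip malformed lines
        total += 1
        country = parts[1].upper()
        if country in codes:  # a failed lookup ("-") never matches
            blocked[country] += 1
    stale = sorted(codes & WITHDRAWN)
    return total, blocked, stale


def blocked_share(log_text, blocklist=HIGH_RISK):
    """Fraction of logged requests the list would have blocked."""
    total, blocked, _ = dry_run(log_text, blocklist)
    return sum(blocked.values()) / total if total else 0.0


if __name__ == "__main__":
    total, blocked, stale = dry_run(SAMPLE_LOG)
    print(f"{sum(blocked.values())}/{total} requests would be blocked")
    for country, count in blocked.most_common():
        print(f"  {country}: {count}")
    print("withdrawn codes in list:", ", ".join(stale) or "none")
```

Running this over real logs before enabling the variable shows whether the listed countries carry traffic you want, which is the concern raised in the thread.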