Walter,

On Sun, Feb 14, 2016 at 05:38:54PM +0100, Walter Hop wrote:
> > If we have most rules at paranoia level 1 and default is
> > paranoia level 1. Should this rule be a 1 with additional
> > whitelisting of FPs, or should we assign it a paranoia
> > level of 2?
> > 
> > I'm OK with both options.
> 
> OK. Still a hard call but if we set default paranoia level at 1 (sounds good 
> to me) I would say this rule should start at a level of 2.

Thank you. I just moved the rule back from "dropped" to "confirmed" in
the wiki. 

I am glad you confirmed the default level setting. My first pull request
is mostly done and I just moved the anomaly score evaluation and
correlation to level 0 while the other rules are running in level 1.
That works nicely.

> I was thinking out loud about the principle of CRSv2 users since they might 
> expect this rule to stay. But we should document clearly somewhere what the 
> benefits and drawbacks of the levels are. (Maybe it’s time to start a CHANGES 
> document in the source tree?)

Absolutely.

You came up with a proposal. It was too narrow for me. My
proposal in the mechanics blogpost was probably too broad.
Right now, the definition of the paranoia stuff in
modsecurity_crs_10_setup.conf.example reads:

...
# The possible paranoia levels are 0,1,2,3 and 4.
#
# FIXME
# Level 0: ...
# Level 1: ...
# Level 2: ...
# Level 3: ...
# Level 4: ...
...

:-)

(btw. here is the git link:
https://github.com/dune73/owasp-modsecurity-crs/tree/paranoia-mode)


Cheers,

Christian


-- 
If liberty means anything at all, it means the right to tell people
what they do not want to hear.
-- George Orwell
_______________________________________________
Owasp-modsecurity-core-rule-set mailing list
Owasp-modsecurity-core-rule-set@lists.owasp.org
https://lists.owasp.org/mailman/listinfo/owasp-modsecurity-core-rule-set