Hey Lukas, Going back through old emails - There was indeed a paranoid mode before. This is infact why Ryan earlier this week cautioned against the use of the term paranoid. It was seen as too much for normal users to use and so went largely ignored, even though it was designed to be important to the ruleset.
On 2/9/16, 10:35 AM, "owasp-modsecurity-core-rule-set-boun...@lists.owasp.org on behalf of Funk, Lukas" <owasp-modsecurity-core-rule-set-boun...@lists.owasp.org on behalf of lukas.f...@united-security-providers.ch> wrote: >Hi, > >I was just having another look into the AuditConsole and stumbled over >this screenshot: >http://scanmail.trustwave.com/?c=4062&d=-I261hLggE-pYC4Oi0WIK8Xtbsw4TTmKzI >1n9A63MQ&s=5&u=https%3a%2f%2fjwall%2eorg%2fweb%2faudit%2fconsole%2fscreens >hots%2fevent-view2%2epng > >What caught my eye was in the Rules Section "setvar:tx.paranoid_mode=0" >and it made me curious what that is. >I could find anything in the latest CRS and also noting in older version >in the GitHub repo... > >Googling I found this old message from the mailing list: >http://scanmail.trustwave.com/?c=4062&d=-I261hLggE-pYC4Oi0WIK8Xtbsw4TTmKzI >pg9V7oaQ&s=5&u=https%3a%2f%2flists%2eowasp%2eorg%2fpipermail%2fowasp-modse >curity-core-rule-set%2f2011-February%2f000621%2ehtml > >It shows a configuration with CRS 2.1.1 and there is a section -=[ >Paranoid Mode ]=-... >Reading the description, it sound something similar Christian and others >like to achieve right now. > >Has anybody an idea why it was removed? It might be helpful for further >consideration implementing the new paranoia mode... > >Regards, Lukas ________________________________ This transmission may contain information that is privileged, confidential, and/or exempt from disclosure under applicable law. If you are not the intended recipient, you are hereby notified that any disclosure, copying, distribution, or use of the information contained herein (including any reliance thereon) is strictly prohibited. If you received this transmission in error, please immediately contact the sender and destroy the material in its entirety, whether in electronic or hard copy format. _______________________________________________ Owasp-modsecurity-core-rule-set mailing list Owasp-modsecurity-core-rule-set@lists.owasp.org https://lists.owasp.org/mailman/listinfo/owasp-modsecurity-core-rule-set
