Good morning everyone, Walter Hop has assembled a big list of ideas worth considering when assessing a single core rule set rule. The list is one of the results of many, many conversations around the paranoia mode and around issues pending on github.
I invite you all to take a look and try and think of additional considerations worth adding: https://www.owasp.org/index.php/OWASP_ModSecurity_rule_evaluation_framework When talking about the merits of a rule in the future, we can go through this document like a checklist and decide on that base afterwards. It makes all the decisions more transparent - and more reliable. This list is awesome! Ahoj, Christian -- mailto:christian.fol...@netnea.com http://www.christian-folini.ch twitter: @ChrFolini _______________________________________________ Owasp-modsecurity-core-rule-set mailing list Owasp-modsecurity-core-rule-set@lists.owasp.org https://lists.owasp.org/mailman/listinfo/owasp-modsecurity-core-rule-set