Hi there, On Sun, Sep 11, 2016 at 11:41:39AM +0800, Bingwu Yang wrote: > Hello, i have installed CRS-v3.0.0-rc1 on apache, my config is the > following: > > <IfModule security3_module>
I am not sure ModSec3 / libmodsecurity is already in a state where it can handle the full core rule set. Probably not and you are better of with ModSec 2.9.1. > Include conf/owasp-modsecurity-crs-3.0.0-rc1/rules/*.conf It looks like you are missing the crs-setup.conf file. Please follow the instructions in the INSTALL file. > I want to know how can i test these rules ( i mean how to trigger rule:) ) > ? A request with a query string parameter containing "/etc/passwd" is a decent benchmark. It should bring 2 rule hits: 930120 OS File Access Attempt 932160 Remote Command Execution: Unix Shell Code Found Please report any issues with the CRS3 that you encounter. Ahoj, Christian -- If you have men who will only come if they know there is a good road, I don't want them. I want men who will come if there is no road at all. -- David Livingstone _______________________________________________ Owasp-modsecurity-core-rule-set mailing list Owasp-modsecurity-core-rule-set@lists.owasp.org https://lists.owasp.org/mailman/listinfo/owasp-modsecurity-core-rule-set
