Hi,
The OWASP Core Rule Set team is pleased to announce the immediate availability
of CRS release v3.0.1
(https://github.com/SpiderLabs/owasp-modsecurity-crs/releases/tag/v3.0.1).
[... lines deleted ...]
Ideally you should be able to update your 3.0.0 rules with the new 3.0.1 rules
without experiencing any problems.
Unfortunately not: The access to my server was blocked!
But fortunately the problem was easy to find, and after removing the
("forgotten" debugging) line number 500
SecRule REQUEST_URI "(.*)" "msg:'got %{tx.0}',id:22,capture"
in the file REQUEST-920-PROTOCOL-ENFORCEMENT.conf all seems to work again.
The difference in that file between 3.0.0 and 3.0.1 can be seen, e.g.,
on this page
https://fossies.org/diffs/owasp-modsecurity-crs/3.0.0_vs_3.0.1/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf-diff.html
But the problem seems to be known
https://github.com/SpiderLabs/owasp-modsecurity-crs/issues/771
and I report it here only to save some people from potential trouble.
Regards
Jens
_______________________________________________
Owasp-modsecurity-core-rule-set mailing list
Owasp-modsecurity-core-rule-set@lists.owasp.org
https://lists.owasp.org/mailman/listinfo/owasp-modsecurity-core-rule-set
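
A pre-deployment check for the kind of leftover rule described in this thread, as an added example (not part of the original message and not CRS code). It assumes the convention that rule ids begin with the number in the rule file's name, and flags any rule that does not, such as `id:22` in a `REQUEST-920-...` file; the sample input and the id 920999 are constructed.

```python
import re

# Assumed convention: rules in REQUEST-920-*.conf carry ids 920xxx (and in
# REQUEST-903.9001-*.conf, 9001xxx), so the file name gives the id prefix.
FILE_PREFIX = re.compile(r"^(?:REQUEST|RESPONSE)-(?:\d+\.)?(\d+)-")
RULE_ID = re.compile(r"\bid\s*:\s*'?(\d+)")
CHAIN = re.compile(r"[\",]\s*chain\s*[\",]")

def logical_lines(text):
    """Yield (line_no, directive) with backslash continuations joined."""
    buf, start = "", 0
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not buf:
            start = no
        if line.endswith("\\"):
            buf += line[:-1] + " "
            continue
        buf += line
        if buf and not buf.startswith("#"):
            yield start, buf
        buf = ""

def stray_rules(filename, text):
    """Return (line_no, id) for rules whose id does not fit the file prefix."""
    m = FILE_PREFIX.match(filename)
    if not m:
        return []
    prefix, found, in_chain = m.group(1), [], False
    for no, directive in logical_lines(text):
        if not directive.startswith(("SecRule ", "SecAction ")):
            continue
        rid = RULE_ID.search(directive)
        if rid is None:
            if not in_chain:  # only chained sub-rules may omit an id
                found.append((no, None))
        elif not rid.group(1).startswith(prefix):
            found.append((no, rid.group(1)))
        in_chain = bool(CHAIN.search(directive))
    return found

SAMPLE = r'''
# constructed excerpt, not the real CRS file
SecRule REQUEST_METHOD "^POST$" \
    "phase:2,id:920999,block,msg:'constructed',\
    chain"
    SecRule &REQUEST_HEADERS:Content-Length "@eq 0"
SecRule REQUEST_URI "(.*)" "msg:'got %{tx.0}',id:22,capture"
'''
```

Running `stray_rules` over each file in the `rules/` directory before reloading the web server reports the file line and id of every rule that falls outside its file's id prefix.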