Because the commercial rule set is not available, is the “Blocking Based on IP Reputation” effective?
--- Arthur Johnston From: Osama Elnaggar [mailto:oelnagga...@gmail.com] Sent: Sunday, August 13, 2017 6:34 PM To: Arthur E. Johnston <arthurjohns...@verizon.net>; owasp-modsecurity-core-rule-set@lists.owasp.org Subject: Re: [Owasp-modsecurity-core-rule-set] Typo in "REQUEST-910-IP-REPUTATION.CONF" Yes. The rule is commented out because the blacklist mentioned is not provided / is commercial. It is part of TrustWave’s commercial ruleset - https://www.modsecurity.org/commercial-rules.html -- Osama Elnaggar On August 14, 2017 at 11:27:28 AM, Arthur E. Johnston (arthurjohns...@verizon.net <mailto:arthurjohns...@verizon.net> ) wrote: Excuse the interruption. I am just reviewing the rules to better understand their functions. Honestly, I am lost, but learning. While browsing rule “REQUEST-910-IP-REPUTATION.CON”, I discovered a hashtag ‘#’ on line 92, effectively commenting out the beginning of the rule and causing it to be ineffective. Or am I mistaken? #SecRule TX:REAL_IP "@ipMatchFromFile ip_blacklist.data" \ "msg:'Client IP in Trustwave SpiderLabs IP Reputation Blacklist.',\ Arthur Johnston _______________________________________________ Owasp-modsecurity-core-rule-set mailing list Owasp-modsecurity-core-rule-set@lists.owasp.org <mailto:Owasp-modsecurity-core-rule-set@lists.owasp.org> https://lists.owasp.org/mailman/listinfo/owasp-modsecurity-core-rule-set
_______________________________________________ Owasp-modsecurity-core-rule-set mailing list Owasp-modsecurity-core-rule-set@lists.owasp.org https://lists.owasp.org/mailman/listinfo/owasp-modsecurity-core-rule-set