I wanted to let you all know that a new CRS v2.0.9 is up in SVN. http://mod-security.svn.sourceforge.net/viewvc/mod-security/crs/trunk/
CHANGELOG

--------------------------
Version 2.0.9 - 10/18/2010
--------------------------

Improvements:
- Users can now more easily toggle between traditional/standard mode vs. anomaly scoring mode by editing the modsecurity_crs_10_config.conf file
- Updated the disruptive actions in most rules to use "block" action instead of "pass". This is to allow for the toggling between traditional vs. anomaly scoring modes.
- Removed logging actions from most rules so that it can be controlled from the SecDefaultAction setting in the modsecurity_crs_10_config.conf file
- Updated the anomaly scores in the modsecurity_crs_10_config.conf file to more closely match what is used in the PHPIDS rules. These still have the same factor of severity even though the numbers themselves are smaller.
- Updated the TAG data to further classify attack/vuln categories.
- Updated the SQL Injection filters to detect more boolean logic attacks

Bug Fixes:
- Fixed restricted file extension bug with macro expansion
  https://www.modsecurity.org/tracker/browse/CORERULES-60

One of the big changes is that we are trying to make it easier for users to be able to switch back/forth between Anomaly Scoring and Standard operating modes. You can now control this from within the modsecurity_crs_10_config.conf file.

I would like to get some feedback on these changes before creating a complete TAR/GZ archive.

-Ryan
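How the "block" action makes the mode toggle work, as an added illustration that is not part of the original message and is not taken from the CRS files: a rule that uses "block" inherits its disruptive action (and its logging) from SecDefaultAction, so changing that one directive changes what every such rule does. The rule ids, the pattern, the tx.demo_score variable and the threshold of 5 are constructed for this sketch.

```apache
# --- Traditional/standard mode --------------------------------------
# "block" in a rule resolves to the disruptive action named here, so
# the first matching rule denies the request on its own.
SecDefaultAction "phase:2,deny,status:403,log"

# --- Anomaly scoring mode -------------------------------------------
# Use this line INSTEAD of the one above. "block" now resolves to
# "pass": matching rules only log and add to the score, and the
# threshold rule at the bottom makes the blocking decision.
#SecDefaultAction "phase:2,pass,log"

# A detection rule written once for both modes (constructed example,
# not a CRS rule). It carries no deny/pass and no log/nolog of its
# own; both come from SecDefaultAction. The setvar runs on every
# match, whichever mode is active.
SecRule ARGS "@rx (?i)\bor\s+\d+\s*=\s*\d+" \
    "phase:2,id:'9990001',t:none,t:urlDecodeUni,block,\
    msg:'Demo: boolean-logic pattern in parameter',\
    tag:'DEMO/SQL_INJECTION',\
    setvar:tx.demo_score=+5"

# Threshold check (constructed). In traditional mode the request has
# already been denied by the rule above, so this is never reached.
# In anomaly scoring mode this is the only rule that denies.
SecRule TX:DEMO_SCORE "@ge 5" \
    "phase:2,id:'9990002',t:none,deny,status:403,log,\
    msg:'Demo: anomaly score %{tx.demo_score} reached threshold'"
```

When reviewing a deployment, check that no local rule still hard-codes "pass" or "deny" where "block" is expected, since such a rule will not follow the mode set in SecDefaultAction.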
