[
https://www.modsecurity.org/tracker/browse/CORERULES-45?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Ryan Barnett resolved CORERULES-45.
-----------------------------------
Resolution: Won't Fix
The advanced filters file (which is the converted PHPIDS filters) is using hard
coded anomaly score values as the PHPIDS team has good weighting for their
scores for severity. The macro expanded anomaly scores in the 10 config file
have been changed so that the numbers are on a more similar scale as the PHPIDS
rules.
> Hard coded anomaly scores in modsecurity_crs_41_phpids_filters.conf
> -------------------------------------------------------------------
>
> Key: CORERULES-45
> URL: https://www.modsecurity.org/tracker/browse/CORERULES-45
> Project: Core Rules
> Issue Type: Improvement
> Security Level: Normal
> Affects Versions: 2.0.6
> Environment: All
> Reporter: Thomas
> Assignee: Ryan Barnett
>
> In modsecurity_crs_41_phpids_filters.conf tx.anomaly_score values are
> incremented by hard coded values, bypassing "Anomaly Scoring Severity Levels"
> in modsecurity_crs_10_config.conf
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
https://www.modsecurity.org/tracker/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
_______________________________________________
Owasp-modsecurity-core-rule-set mailing list
[email protected]
https://lists.owasp.org/mailman/listinfo/owasp-modsecurity-core-rule-set
