Hi - I have some custom rules I'd like to create and I'm looking for a test
engine to drive the rules and ensure I'm getting the expected results. I
checked the FAQ and found this question that directly relates:
How do I handle False Positives and creating Custom Rules?
It is inevitable; you will run into some False Positive hits when using web
application firewalls. This is not something that is unique to ModSecurity. All
web application firewalls will generate false positives from time to time. The
following Blog post information will help to guide you through the process of
identifying, fixing, implementing and testing new custom rules to address false
positives.
But... the last sentence states "The following blog post information ..." and
there is no blog post information following. Where do I find the referenced
material?
Does a test engine exist outside Apache to feed data through the rules to
enable easy regression testing in addition to focused testing of new rules?
Regards,
Ken
_______________________________________________
Owasp-modsecurity-core-rule-set mailing list
[email protected]
https://lists.owasp.org/mailman/listinfo/owasp-modsecurity-core-rule-set
