I figured you must have something! This is way to hard to maintain with manual testing. :)
Looking forward to having a look. On May 5, 2011, at 11:45 AM, Ryan Barnett wrote: > Ken, > This is a good point. We have an internal rules test suite for the CRS. I > will work on updating it for the most recent rules and then releasing it in > the CRS util directory. > > I will send more info soon. > > Ryan > > On May 5, 2011, at 11:54 AM, "Ken Brucker" > <[email protected]<mailto:[email protected]>> wrote: > > Hi - I have some custom rules I'd like to create and I'm looking for a test > engine to drive the rules and ensure I'm getting the expected results. I > checked the FAQ and found this question that directly relates: > > How do I handle False Positives and creating Custom Rules? > > It is inevitable; you will run into some False Positive hits when using web > application firewalls. This is not something that is unique to ModSecurity. > All web application firewalls will generate false positives from time to > time. The following Blog post information will help to guide you through the > process of identifying, fixing, implementing and testing new custom rules to > address false positives. > > But... the last sentence states "The following blog post information ..." > and there is no blog post information following. Where do I find the > referenced material? > > Does a test engine exist outside Apache to feed data through the rules to > enable easy regression testing in addition to focused testing of new rules? > > Regards, > Ken > _______________________________________________ > Owasp-modsecurity-core-rule-set mailing list > [email protected]<mailto:[email protected]> > https://lists.owasp.org/mailman/listinfo/owasp-modsecurity-core-rule-set > > ________________________________ > This transmission may contain information that is privileged, confidential, > and/or exempt from disclosure under applicable law. If you are not the > intended recipient, you are hereby notified that any disclosure, copying, > distribution, or use of the information contained herein (including any > reliance thereon) is STRICTLY PROHIBITED. If you received this transmission > in error, please immediately contact the sender and destroy the material in > its entirety, whether in electronic or hard copy format. _______________________________________________ Owasp-modsecurity-core-rule-set mailing list [email protected] https://lists.owasp.org/mailman/listinfo/owasp-modsecurity-core-rule-set
