Hi,
I have commented modsecurity_crs_23_request_limits.conf. I want to know
whether i'm still gonna be OWASP compliant.
Thanks in advance.
Tendani
On 16/12/2013 14:00,
[email protected] wrote:
Send Owasp-modsecurity-core-rule-set mailing list submissions to
[email protected]
To subscribe or unsubscribe via the World Wide Web, visit
https://lists.owasp.org/mailman/listinfo/owasp-modsecurity-core-rule-set
or, via email, send a message with subject or body 'help' to
[email protected]
You can reach the person managing the list at
[email protected]
When replying, please edit your Subject line so it is more specific
than "Re: Contents of Owasp-modsecurity-core-rule-set digest..."
Today's Topics:
1. Update to
http://blog.spiderlabs.com/2011/08/modsecurity-advanced-topic-of-the-week-exception-handling.html
(Christian Folini)
----------------------------------------------------------------------
Message: 1
Date: Mon, 16 Dec 2013 06:38:29 +0100
From: Christian Folini <[email protected]>
To: [email protected]
Subject: [Owasp-modsecurity-core-rule-set] Update to
http://blog.spiderlabs.com/2011/08/modsecurity-advanced-topic-of-the-week-exception-handling.html
Message-ID: <20131216053829.GA26660@elias>
Content-Type: text/plain; charset=utf-8
Hi there,
The blog post
http://blog.spiderlabs.com/2011/08/modsecurity-advanced-topic-of-the-week-exception-handling.html
has been updated for changes in the rule engine. So I think it is still
the reference on the handling of false positives.
In the section on Anomaly Scoring Exceptions, the inbound anomaly score
is being referenced as tx.anomaly_score, while the core rules reference
it as tx.inbound_anomaly_score.
I think this should be fixed.
Cheers,
Christian
_______________________________________________
Owasp-modsecurity-core-rule-set mailing list
[email protected]
https://lists.owasp.org/mailman/listinfo/owasp-modsecurity-core-rule-set
