Good morning everyone, Walter Hop has assembled a big list of ideas worth considering when assessing a single core rule set rule. The list is one of the results of many, many conversations around the paranoia mode and around issues pending on github.
I invite you all to take a look and try and think of additional considerations worth adding: https://www.owasp.org/index.php/OWASP_ModSecurity_rule_evaluation_framework When talking about the merits of a rule in the future, we can go through this document like a checklist and decide on that base afterwards. It makes all the decisions more transparent - and more reliable. This list is awesome! Ahoj, Christian -- mailto:[email protected] http://www.christian-folini.ch twitter: @ChrFolini _______________________________________________ Owasp-modsecurity-core-rule-set mailing list [email protected] https://lists.owasp.org/mailman/listinfo/owasp-modsecurity-core-rule-set
