headers
jaylam | 6 Oct 2010 15:56
Picon

Mod Security 2.5.12


Hi everyone,

I am just updating ModSecurity 2.5.11 to 2.5.12.
I found that all thr rules have a big differerent.

1. All block action in the rules in all conf file changed to pass??
2. Only count on the Anormal score system to block request/response?
3. Then how can i allow the blocking on a specific rule?

I found it is very difficult to upgrade ModSecurity (since 2.5.7).
Everytime i spent a lot effort to upgrade it.
Do u have any suuggestions or standard upgrade procedures from me? (in
order to keep my customize rules)

I need help~~

Many thanks!!!

Jay
This e-mail is intended solely for the addressee.  If you have received
this e-mail in error, please notify the sender by reply e-mail and
immediately delete it from your system.

------------------------------------------------------------------------------
Beautiful is writing same markup. Internet Explorer 9 supports
standards for HTML5, CSS3, SVG 1.1,  ECMAScript5, and DOM L2 & L3.
Spend less time writing and  rewriting code and more time creating great
experiences on the web. Be a part of the beta today.
http://p.sf.net/sfu/beautyoftheweb
(Continue reading)

Permalink | Reply |
headers
Jamuse | 7 Oct 2010 09:53
Picon

Re: Mod Security 2.5.12

On Wed, Oct 6, 2010 at 3:56 PM, <jaylam <at> jetco.com.hk> wrote:

Hi everyone,

I am just updating ModSecurity 2.5.11 to 2.5.12.
I found that all thr rules have a big differerent.

1. All block action in the rules in all conf file changed to pass??
2. Only count on the Anormal score system to block request/response?
3. Then how can i allow the blocking on a specific rule?

Hi Jaylam,
Have you tried SecRuleUpdateActionById?
 

I found it is very difficult to upgrade ModSecurity (since 2.5.7).
Everytime i spent a lot effort to upgrade it.
Do u have any suuggestions or standard upgrade procedures from me? (in
order to keep my customize rules)


Your customized rules should be kept seperately from the CRS. Take a look at chapter 3 in the ModSecurity Handbook for suggestions on the folder structure.
 
--
 - Josh
------------------------------------------------------------------------------
Beautiful is writing same markup. Internet Explorer 9 supports
standards for HTML5, CSS3, SVG 1.1,  ECMAScript5, and DOM L2 & L3.
Spend less time writing and  rewriting code and more time creating great
experiences on the web. Be a part of the beta today.
http://p.sf.net/sfu/beautyoftheweb
_______________________________________________
mod-security-users mailing list
mod-security-users <at> lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/mod-security-users
Commercial ModSecurity Appliances, Rule Sets and Support:
http://www.modsecurity.org/breach/index.html
Permalink | Reply |
headers
Ryan Barnett | 7 Oct 2010 16:29

Re: Mod Security 2.5.12

On 10/6/10 9:56 AM, "jaylam <at> jetco.com.hk" <jaylam <at> jetco.com.hk> wrote:

> 
> Hi everyone,
> 
> I am just updating ModSecurity 2.5.11 to 2.5.12.
> I found that all thr rules have a big differerent.
> 
> 1. All block action in the rules in all conf file changed to pass??
> 2. Only count on the Anormal score system to block request/response?
> 3. Then how can i allow the blocking on a specific rule?
> 

As Josh has answered, you can add in a SecRuleUpdateActionById directive in
a local modsecurity_crs_60_customrules.conf file so that you can then update
the pass action to a disruptive one (deny, redirect, etc...).

> I found it is very difficult to upgrade ModSecurity (since 2.5.7).
> Everytime i spent a lot effort to upgrade it.
> Do u have any suuggestions or standard upgrade procedures from me? (in
> order to keep my customize rules)
> 
As a note, we will be updating the CRS to allow for more easy switching
between standard/traditional mode (disruptive actions in rules) and anomaly
scoring mode (rules increase anomaly scores which are evaluated at the end
of the inbound/outbound phases).

-Ryan

> I need help~~
> 
> Many thanks!!!
> 
> Jay
> This e-mail is intended solely for the addressee.  If you have received
> this e-mail in error, please notify the sender by reply e-mail and
> immediately delete it from your system.
> 
> 
> ------------------------------------------------------------------------------
> Beautiful is writing same markup. Internet Explorer 9 supports
> standards for HTML5, CSS3, SVG 1.1,  ECMAScript5, and DOM L2 & L3.
> Spend less time writing and  rewriting code and more time creating great
> experiences on the web. Be a part of the beta today.
> http://p.sf.net/sfu/beautyoftheweb
> _______________________________________________
> mod-security-users mailing list
> mod-security-users <at> lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/mod-security-users
> Commercial ModSecurity Appliances, Rule Sets and Support:
> http://www.modsecurity.org/breach/index.html
> 

------------------------------------------------------------------------------
Beautiful is writing same markup. Internet Explorer 9 supports
standards for HTML5, CSS3, SVG 1.1,  ECMAScript5, and DOM L2 & L3.
Spend less time writing and  rewriting code and more time creating great
experiences on the web. Be a part of the beta today.
http://p.sf.net/sfu/beautyoftheweb
_______________________________________________
mod-security-users mailing list
mod-security-users <at> lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/mod-security-users
Commercial ModSecurity Appliances, Rule Sets and Support:
http://www.modsecurity.org/breach/index.html
Permalink | Reply |

Gmane