crs 3.3/master vs crs4.0/main

[Emilio Campos]

Hi all, I realised that there are some differences between versions 3.3 and 4.0. I do mention the following rulesets, not included in 4.0:

REQUEST-922-MULTIPART-ATTACK.conf

REQUEST-912-DOS-PROTECTION.conf

I am using ModSecurity 3.0.12.

Is there some reason not to include these rules in the crs4.0/main branch?

Can the rules be copied or adapted to make this work in crs4.0/main?

Thanks!

[Ervin Hegedüs]

Hi Emilio,

> I do mention the following rulesets, not included in 4.0:

> 

> REQUEST-922-MULTIPART-ATTACK.conf

> REQUEST-912-DOS-PROTECTION.conf

File REQUEST-922-MULTIPART-ATTACK.conf IS part of 4.0, see this link, or see the latest release.

The DOS protection and the exclusion subsets are available as plugins. See CRS plugin-registry repository. There you can see the DOS protection plugin too.

> Is there some reason not to include these rules in the crs4.0/main branch?

Well, CRS 3.3 is CRS 3.3, and CRS 4.0 is CRS 4.0 :). But as I explained, 922-MULTIPART subset is still part of CRS 4, I assume that's a mistake.

The other subset is still available, but as a plugin.

> Can the rules be copied or adapted to make this work in crs4.0/main?

I suggest you to read the documentation of plugin that you require, and follow those steps.

a.

--
You received this message because you are subscribed to the Google Groups "ModSecurity Core Rule Set project" group.
To unsubscribe from this group and stop receiving emails from it, send an email to modsecurity-core-rule-...@owasp.org.
To view this discussion visit https://groups.google.com/a/owasp.org/d/msgid/modsecurity-core-rule-set-project/CAKWgN_rVLhoKTXsivP_oK%3DPFb5Mfe%2BtZDBzBXdbq_nuoE8gzAQ%40mail.gmail.com.