OWASP CRS v4.0 dev


Emilio Campos

Feb 22, 2023, 6:26:44 AM
to ModSecurity Core Rule Set project
Hi guys, I am currently using the Core ruleset v4.0 branch v4.0/dev:
https://github.com/coreruleset/coreruleset/tree/v4.0/dev/rules

and I have to say that I am very happy with the result.

On the other hand, I am a bit familiar with previous core ruleset versions, v3. In this version there are rules that are not included in v4.0, like DoS or Geolocation. Could you let us know if there is some plan of including them in this version? Can you also let us know the reason why they have been discarded from this v4.0 version?

Thanks!

Christian Folini

Feb 22, 2023, 6:34:43 AM
to Emilio Campos, ModSecurity Core Rule Set project
Hello Emilio,

On Wed, Feb 22, 2023 at 03:26:43AM -0800, Emilio Campos wrote:
> Hi guys, I am currently using the Core ruleset v4.0 branch v4.0/dev:
> https://github.com/coreruleset/coreruleset/tree/v4.0/dev/rules
>
> and I have to say that I am very happy with the result.

Thank you very much. Glad it works out for you. We are very thankful for
people running v4.0/dev since it's a huge release and we want to weed out
as many bugs / false positives as possible before we announce it stable.

> On the other hand, I am a bit familiar with previous core ruleset versions,
> v3. In this version there are rules that are not included in v4.0, like DoS
> or Geolocation. Could you let us know if there is some plan of including them
> in this version? Can you also let us know the reason why they have been
> discarded from this v4.0 version?

These options have always been non-mainstream for CRS. They are useful, but
not our core capability.

CRS4 brings plugin functionality. This allows us to move non-mainstream
functionality into plugins. This in turn allows us to streamline the main
release to make it easier to run CRS on alternative engines (that can
concentrate on the core functionality).

We have a DoS plugin, IP reputation and GeoIP is not yet there. But I
wrote an extensive blog post about it lately.
https://www.netnea.com/cms/2022/10/12/using-geoip-information-together-with-modsecurity/

Please find the plugin registry here:
https://github.com/coreruleset/plugin-registry/

Best,

Christian



>
> Thanks!

Emilio Campos

Feb 22, 2023, 7:01:01 AM
to Christian Folini, ModSecurity Core Rule Set project
Hi Christian, thanks for sharing with me the URLs, I will read the information deeper and test it.

Regards!


Emilio Campos

Feb 22, 2023, 7:29:21 AM
to Christian Folini, ModSecurity Core Rule Set project
Hi, I just wanted to mention that in the following URL:

The following plugins are not pointing to any URL content:
performance-plugin -> https://github.com/coreruleset/performance-plugin (Error 404)
dos-protection-modsecurity-v3 -> https://github.com/coreruleset/dos-protection-plugin-modsecurity-v3 (Error 404)

Thanks!

Christian Folini

Feb 22, 2023, 7:51:48 AM
to Emilio Campos, ModSecurity Core Rule Set project
Thanks. We're still working on those.

Christian