Setting tx.paranoia_level too late?
31 views
Skip to first unread message
saratoga
Jul 7, 2023, 10:51:53 AM7/7/23
to ModSecurity Core Rule Set project
Hi CRS team
I discovered that my rule 900000 to set tx.paranoia_level to 2 occurs
*after* the inclusion of the CRS rules ("Include rule/*.conf"). I use
CRS v 3.3.4. Does this mean that my rule 900000 is completely ineffective?
SecAction \
"id:900000,\
phase:1,\
nolog,\
pass,\
t:none,\
setvar:tx.paranoia_level=2"
Regards
Hans
I discovered that my rule 900000 to set tx.paranoia_level to 2 occurs
*after* the inclusion of the CRS rules ("Include rule/*.conf"). I use
CRS v 3.3.4. Does this mean that my rule 900000 is completely ineffective?
SecAction \
"id:900000,\
phase:1,\
nolog,\
pass,\
t:none,\
setvar:tx.paranoia_level=2"
Regards
Hans
Christian Folini
Jul 7, 2023, 11:08:26 AM7/7/23
to saratoga, ModSecurity Core Rule Set project
Hey Hans,
On Fri, Jul 07, 2023 at 04:51:49PM +0200, saratoga wrote:
> I discovered that my rule 900000 to set tx.paranoia_level to 2 occurs
> *after* the inclusion of the CRS rules ("Include rule/*.conf"). I use CRS v
> 3.3.4. Does this mean that my rule 900000 is completely ineffective?
Please elaborate. Our documentation says to include crs-setup.conf first
and then to include the rules, so rule 900000 is executed way before the
rules themselves.
Could it be your integrator does this wrong, or do you follow a bad tutorial?
Best,
Christian
--
I would rather have a mind opened by wonder than one closed by belief.
-- Gerry Spence
On Fri, Jul 07, 2023 at 04:51:49PM +0200, saratoga wrote:
> I discovered that my rule 900000 to set tx.paranoia_level to 2 occurs
> *after* the inclusion of the CRS rules ("Include rule/*.conf"). I use CRS v
> 3.3.4. Does this mean that my rule 900000 is completely ineffective?
and then to include the rules, so rule 900000 is executed way before the
rules themselves.
Could it be your integrator does this wrong, or do you follow a bad tutorial?
Best,
Christian
--
I would rather have a mind opened by wonder than one closed by belief.
-- Gerry Spence
s
Aug 7, 2023, 6:55:47 AM8/7/23
to Christian Folini, ModSecurity Core Rule Set project
On 07.07.23 17:08, Christian Folini wrote:
> Hey Hans,
>
> On Fri, Jul 07, 2023 at 04:51:49PM +0200, saratoga wrote:
>> I discovered that my rule 900000 to set tx.paranoia_level to 2 occurs
>> *after* the inclusion of the CRS rules ("Include rule/*.conf"). I use CRS v
>> 3.3.4. Does this mean that my rule 900000 is completely ineffective?
> Please elaborate. Our documentation says to include crs-setup.conf first
> and then to include the rules, so rule 900000 is executed way before the
> rules themselves.
>
> Could it be your integrator does this wrong, or do you follow a bad tutorial?
raised a Bulletin for there customers. There seems to be a change
between CRS 3.0 and 3.2 releases.
>
> Best,
>
> Christian
>
>
Christian Folini
Aug 7, 2023, 7:18:48 AM8/7/23
to s, ModSecurity Core Rule Set project
Hello,
On Mon, Aug 07, 2023 at 12:55:42PM +0200, s wrote:
> > Could it be your integrator does this wrong, or do you follow a bad
> > tutorial?
>
> It's an integration problem of the Nevis nevisAdmin product. They have
> raised a Bulletin for there customers. There seems to be a change between
> CRS 3.0 and 3.2 releases.
I see. The CRS integration into the nevisAdmin GUI is a bit of a mess.
It's being updated but I am not familiar with the individual versions in
nevisAdmin 3 and 4. It's probably best to write a testrule or two and then
check for precedence in the logfiles.
Cheers,
Christian
P.S. As a side note: AdNovum / Nevis has started to offer ModSecurity / Core
Rule Set courses in collaboration with me. Running CRS successfully on the
nevis platform becomes much easier that way. Maybe that's of interest to you.
--
If you shut your door to all errors truth will be shut out.
--- Rabindranath Tagore
On Mon, Aug 07, 2023 at 12:55:42PM +0200, s wrote:
> > Could it be your integrator does this wrong, or do you follow a bad
> > tutorial?
>
> It's an integration problem of the Nevis nevisAdmin product. They have
> raised a Bulletin for there customers. There seems to be a change between
> CRS 3.0 and 3.2 releases.
It's being updated but I am not familiar with the individual versions in
nevisAdmin 3 and 4. It's probably best to write a testrule or two and then
check for precedence in the logfiles.
Cheers,
Christian
P.S. As a side note: AdNovum / Nevis has started to offer ModSecurity / Core
Rule Set courses in collaboration with me. Running CRS successfully on the
nevis platform becomes much easier that way. Maybe that's of interest to you.
--
If you shut your door to all errors truth will be shut out.
--- Rabindranath Tagore
Reply all
Reply to author
Forward
0 new messages