This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org
Difference between revisions of "OWASP ModSec CRS Paranoia Mode"
From OWASP
m (New tasks) |
|||
| Line 1: | Line 1: | ||
| − | = | + | ==Abstract== |
This is a page about the development of a paranoia mode aka bringing back the rules that used to yield a high number of false positives. This little project is aimed at inclusion into the 3.0.0 release of the OWASP ModSecurity Core Rules, where some rules have been removed in order to reduce the number of false positives with vanilla installations. | This is a page about the development of a paranoia mode aka bringing back the rules that used to yield a high number of false positives. This little project is aimed at inclusion into the 3.0.0 release of the OWASP ModSecurity Core Rules, where some rules have been removed in order to reduce the number of false positives with vanilla installations. | ||
| − | + | FIXME | |
==Sub-Project Infos== | ==Sub-Project Infos== | ||
* '''Status''': active (January 2016) | * '''Status''': active (January 2016) | ||
| − | * '''Schedule''': January 2016 | + | * '''Schedule''': Pull request in January 2016 |
* '''Who''': Christian Folini (dune73), FIXME | * '''Who''': Christian Folini (dune73), FIXME | ||
* '''Documentation''': Here on the [https://www.owasp.org/index.php/OWASP_ModSec_CRS_Paranoia_Mode OWASP Wiki] | * '''Documentation''': Here on the [https://www.owasp.org/index.php/OWASP_ModSec_CRS_Paranoia_Mode OWASP Wiki] | ||
Revision as of 04:40, 7 January 2016
Abstract
This is a page about the development of a paranoia mode aka bringing back the rules that used to yield a high number of false positives. This little project is aimed at inclusion into the 3.0.0 release of the OWASP ModSecurity Core Rules, where some rules have been removed in order to reduce the number of false positives with vanilla installations.
FIXME
Sub-Project Infos
- Status: active (January 2016)
- Schedule: Pull request in January 2016
- Who: Christian Folini (dune73), FIXME
- Documentation: Here on the OWASP Wiki
- Discussion / Archive: Core Rules Mailinglist FIXME
- Github Link: FIXME
- Final Pull Request: FIXME
Tasks
Open Tasks
| Task | Who | Status |
| Assemble list of 2.2.x rules, which have disappeared from 3.0.0-rc1 | n.n. | open |
| Assemble list of disappeared rules, which should be brought back | n.n. | open |
| Assemble list of 3.0.0-rc1 rules, which could be moved to the paranoia mode | n.n. | open |
| Assemble list of 3.0.0-rc1 rules, which could be accompanied with stricter siblings in paranoia mode (same idea of the rule, but harder limit etc.) |
n.n. | open |
| Write new stricter siblings for existing rules | n.n. | open |
| Sort out mechanics of the paranoia mode | n.n. | open |
| Define exact syntax of paranoia mode setup | n.n. | open |
| Sort out name: Is "Paranoia Mode" really the right term? | Christian | open |
| Write pull request | n.n. | open |
| Submit pull request | n.n. | open |
| Draw flowchart | n.n. | open |
| Write documentation | n.n. | open |
Closed Tasks
| Task | Who | Status |
| none so far |
