ModSecurity rules. Useful and problem rules. Post them! :)
Posted: Mon Jul 17, 2017 1:10 pm
Hey folks,
Which OWASP v3 rules are causing false positives? https://www.modsecurity.org/crs/ Whats the paranoia level you use?
Any rules from somewhere else you find useful?
I see modsecurity commercial offering is over 16,000 rules, seems to much as it may slow site a lot. What do you think?
Imo you need to mainly address SQL injections.
Which OWASP v3 rules are causing false positives? https://www.modsecurity.org/crs/ Whats the paranoia level you use?
Any rules from somewhere else you find useful?
I see modsecurity commercial offering is over 16,000 rules, seems to much as it may slow site a lot. What do you think?
Imo you need to mainly address SQL injections.