coreruleset / documentation
CRS Documentation
Home Page: https://coreruleset.org/docs/
The ENGINE AND INTEGRATION OPTIONS page lists WAF engines that are compatible with the ModSecurity configuration language. Several of our products package a variant of ModSecurity, which we have customized for performance.
Is it appropriate to add our customized ModSecurity WAF module to this page?
Thank you,
Nick Ramirez
If completely replacing a CRS phase 1 rule (not just updating a rule target etc. but completely replacing a rule, i.e. the operator is being modified) then this cannot occur in the REQUEST-900-EXCLUSION-RULES-BEFORE-CRS.conf file because any anomaly scoring will be wiped and set to 0 immediately after when REQUEST-901-INITIALIZATION.conf executes.
RESPONSE-999-EXCLUSION-RULES-AFTER-CRS.conf is also no good as the replacement rule needs to come before REQUEST-949-BLOCKING-EVALUATION.conf / RESPONSE-959-BLOCKING-EVALUATION.conf so that the replacement rule correctly contributes to anomaly scoring totals. Otherwise, things like early blocking mode can start to break.
Document corner case as a known issue.
Include two ideas as solutions:
- include
- a REQUEST-902-CUSTOM-RULES-POST-INIT file, or something similar, if there are going to be many such replacement rules
Reference: coreruleset/coreruleset#2878
As per: https://github.com/coreruleset/coreruleset/pull/3223/files
.data files are now .ra files.
With the move of ModSecurity from Trustwave to OWASP, there is now a need to update our documentation to reflect this, particularly where we discuss engine options and the status of ModSecurity.
The CRS project decided to stop producing two sets of containers, but nobody updated the documentation to reflect this change.
Findings by @dune73:
- docker-compose.yaml. Why don't we provide a preconfigured .ftw.apache.docker.yaml etc.?
We need more input from new contributors. Currently, we are relying more and more on a lot of internal and external tools to write our rules. Not everybody may know them, while they are so helpful to create better rules.
I think we should have something like a "Great tools for rule writers" page to bring the rule writing practices from the 2000s to the 2020s.
And maybe even end with a full-fledged "rule writing walkthrough" that strings all the tools together to create a sample rule (could be moved to a separate issue if we want to do that).
At least, we could make a list of useful tools and links to them.
For example:
At best we could have the list, and also create a 'walkthrough' for creating a rule that goes from:
Karel always just does a web search for 'execute postgres online'. But there's a bigger chance that people might give up.
N/A
Every time that I copy-paste one of the agreed 'example tests' from the Contribution Guidelines document, my PR gets errors.
We need to verify that the template "gold standard" tests are correct.
Link to the test templates: https://github.com/coreruleset/documentation/blob/main/content/development/contribution_guidelines.md#positive-tests
@dune73 is happy for his blog post on working with paranoia levels to be used as the foundation of the official documentation on the subject.
The work just needs to be done.
Once the 'Early Blocking' blog post is finalised and published, I will merge the new content into the existing content we have on early blocking mode.
Some of the existing content is probably out of date. Also, the blog post probably has some clearer explanations here and there.
I'm going to do a pass over the extended install.
New options have been added to CONTRIBUTING.MD, e.g. paranoia level tag advice.
We need to make sure everything is up to date and nothing gets lost between the two (the MD file and the documentation page).
Currently we don't have documented how to set up and run go-ftw for rule developers.
Create a documentation page under development and explain:
- ftw binary one time with right click and Open.
- .ftw.yaml
Btw, my .ftw.yaml (if it's not already doc'd somewhere) is:
---
logfile: 'tests/logs/modsec2-apache/error.log'
logtype:
  name: 'apache'
  timeregex: '\[([A-Z][a-z]{2} [A-z][a-z]{2} \d{1,2} \d{1,2}\:\d{1,2}\:\d{1,2}\.\d+? \d{4})\]'
  timeformat: 'ddd MMM DD HH:mm:ss.S YYYY'
We should have Nginx/Coraza too, maybe in the future and do it in steps.
Explain it manually to people 30 times.
N/A
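As an added illustration (not part of this issue and not go-ftw's own code) of what the timeregex and timeformat settings in the .ftw.yaml above are for: the script below applies that exact regex to constructed Apache error.log lines, parses each timestamp, and keeps only the lines inside a test's time window, which is how time-based log correlation picks out the ModSecurity messages that belong to one test run. The log lines, the window and the rule ids in them are constructed for the demo; the Python strptime format is assumed to be the equivalent of the page's timeformat.

```python
import re
from datetime import datetime, timedelta

# Exact timeregex from the .ftw.yaml above; group 1 is the Apache error-log timestamp.
TIMEREGEX = re.compile(
    r'\[([A-Z][a-z]{2} [A-z][a-z]{2} \d{1,2} \d{1,2}\:\d{1,2}\:\d{1,2}\.\d+? \d{4})\]'
)
# Assumed Python strptime equivalent of the page's timeformat 'ddd MMM DD HH:mm:ss.S YYYY'.
TIMEFORMAT = '%a %b %d %H:%M:%S.%f %Y'

# Constructed sample error.log content (not real CRS output); rule ids are illustrative.
SAMPLE_LOG = """\
[Tue Jul 25 12:00:00.100000 2023] [security2:error] [pid 11] ModSecurity: Warning. ... [id "942100"] ...
[Tue Jul 25 12:00:01.250000 2023] [security2:error] [pid 11] ModSecurity: Warning. ... [id "949110"] ...
[Tue Jul 25 12:00:03.000000 2023] [core:notice] [pid 1] AH00094: Command line: 'httpd -D FOREGROUND'
[Tue Jul 25 12:00:05.500000 2023] [security2:error] [pid 12] ModSecurity: Warning. ... [id "941100"] ...
garbage line without a timestamp
"""

def parse_timestamp(line):
    """Return the line's timestamp as a datetime, or None if the regex/format does not match."""
    m = TIMEREGEX.search(line)
    if not m:
        return None
    try:
        return datetime.strptime(m.group(1), TIMEFORMAT)
    except ValueError:
        return None

def lines_in_window(log_text, start, end):
    """Lines whose timestamp lies within [start, end] inclusive; unparseable lines are skipped."""
    selected = []
    for line in log_text.splitlines():
        ts = parse_timestamp(line)
        if ts is not None and start <= ts <= end:
            selected.append(line)
    return selected

def rule_ids_in_window(log_text, start, end):
    """Sorted rule ids (the [id "NNNNNN"] tokens) that fired inside the window."""
    ids = set()
    for line in lines_in_window(log_text, start, end):
        ids.update(re.findall(r'\[id "(\d+)"\]', line))
    return sorted(ids)

def demo_window():
    """A two-second window covering the first two log lines of SAMPLE_LOG."""
    start = datetime(2023, 7, 25, 12, 0, 0)
    return start, start + timedelta(seconds=2)

if __name__ == '__main__':
    start, end = demo_window()
    print(rule_ids_in_window(SAMPLE_LOG, start, end))  # ['942100', '949110']
```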
As far as we know, the AWS WAF "Core rule set (CRS) managed rule group" is not based on the OWASP CRS. (If anyone from AWS is reading this and knows otherwise, please reach out to us.)
This needs to be stated to avoid anyone getting confused and thinking the AWS CRS is the actual CRS.
@RedXanadu's presentation on our CRS Dublin 2023 summit proposed interesting questions. One idea was to add information about how to do logging, what is important, etc.
The new https://github.com/jcchavezs/coraza-httpbin Coraza container makes it easy to test CRS by using a pre-built Coraza container.
We should add this as a listed tool to make it easy for anyone to test CRS with Coraza.
Some parts of our documentation will face the problem that they need to describe different major versions, with non-compatible changes.
After reviewing a bit our options, we can:
- include shortcode from the theme
  base/install.md (base with no "specific" version)
  v3/install.md
  - (include "base/install.md")
  - add specific content (files, etc)
  v4/install.md
  - (include "base/install.md")
  - add specific content (files, etc)
Another option is to use tabbed content with a specific version. This has the advantage that you always have the content in one file.
Let me know what you think.