Feature request : support for a free mod security ruleset

wanah

Well-Known Member
#1
Hello,

We are looking into building a working ruleset for mod security.

We tested the gotroot ruleset (paid version), but it evolved too quickly for LiteSpeed and caused lots of problems, so we gave up on it at that time.

I now wanted to try and implement a rule at a time and try and work out what rules are needed and which ones aren't.

I've just read that ASL no longer provide a free gotroot ruleset and their full paid ruleset is much too large for our needs.

The OWASP ruleset seems a lot clearer and easier to implement, with files like:

modsecurity_crs_46_slr_et_phpbb_attacks.conf

and

modsecurity_crs_46_slr_et_wordpress_attacks.conf

and

modsecurity_crs_46_slr_et_joomla_attacks.conf

So I'm now wondering why support a ruleset that isn't free and that makes everything slow when there is a ruleset that isn't so heavy and that seems much easier to implement?

What compatibility can we expect with this ruleset?

http://spiderlabs.github.io/owasp-modsecurity-crs/

Most of the rules seem quite simple and should also give off fewer false positives than ASL's paid modsecurity rules.
 

stormy

Well-Known Member
#2
I am interested in this too.

I've been evaluating the paid rules and while they work well, I don't like the general attitude of Atomicorp. They are doing everything they can to make it difficult to use anything that's not their ASL product.
 

wanah

Well-Known Member
#3
Just to post an update on this.

Although we have not tested them yet, there is a new promising modsecurity ruleset:

https://waf.comodo.com

We're waiting to get some feedback from users before installing these rules on a production server and also waiting for the next plugin update.

These rules are free and Comodo says there will always be a free ruleset, although there might be a paid version in the future with more features.
 