![]() I had 3 modsec rulesets installed, strangely 2 versions of OSWAD and a COMODO. When you have some results be free to come back, so we can work through them and adopt them if needed.Īctually not, I'm always keeping Joomla at its latest version. So, to check which rules are causing you problems please take a look at your Apache logs, you'll find link that triggered the problem and the affecting rule ID. So they are surely due for update and rework. What's important to keep in mind is that mod_security is a resource intensive process, and it would be ideal to keep the ruleset compact, only with specific rules that cover the used app and some important base rules.įor example, you can see that the existing Joomla specific rules are almost 2 years old: ![]() ![]() We could also put up a list of rules to Docs website when we have compiled it. But I would surely like to help, since one of my plans is to contribute some of my own rules back to OWASP. Since I use Atomicorp commercial ruleset I can't tell you right now which specific rules to en/disable, I don't implement OWASP ones directly. The OWASP rules are the best free starting point, but as you've already experienced, they're generic and can cause sideffects in many webapps, Joomla too.
0 Comments
Leave a Reply. |