Hi Lukas, On Sun, Jan 10, 2016 at 11:05 AM Lukas <l...@ymx.ch> wrote:
> I found that recommendation. Since I also read that it would not be > fully compatible with OWASP/CRS I have not given it a try. > > What is the situation regrading OWASP/CRS? > Currently there are three different versions of ModSecurity for nginx: - Version 2.9.0: That is the last released version, I think that is the one that you are using. - nginx_refactoring: That version contains some fixes on the top of v2.9.0, but those fixes may lead to instabilities depending on your configuration. - ModSecurity-connector: That is something that still under development and we have some work to do, to be exactly: https://github.com/SpiderLabs/ModSecurity/labels/libmodsec%20-%20missing%20documentation https://github.com/SpiderLabs/ModSecurity/labels/libmodsec%20-%20missing%20features https://github.com/SpiderLabs/ModSecurity/labels/libmodsec%20-%20missing%20operators https://github.com/SpiderLabs/ModSecurity/labels/libmodsec%20-%20missing%20transformation https://github.com/SpiderLabs/ModSecurity/labels/libmodsec%20-%20missing%20variables Only use the ModSecurity-connector if you understands well the ModSecurity rules and the consequences of the missing pieces. Further information about libModSecurity can be found here: http://blog.zimmerle.org/2016/01/an-overview-of-upcoming-libmodsecurity.html or: https://www.trustwave.com/Resources/SpiderLabs-Blog/An-Overview-of-the-Upcoming-libModSecurity/ Br., Felipe.
_______________________________________________ nginx mailing list nginx@nginx.org http://mailman.nginx.org/mailman/listinfo/nginx
