OWASP CRS release date?

ItsMattSon

• January 27, 2017 07:08

Hi guys, Quick question regarding this feature request - Update ModSecurity Vendor OWASP to OWASP ModSecurity Core Rule Set (CRS) 3 It looks like it isn't released yet but my error_log suggests I'm running CRS3. Was it released already? Or am I mistaken? (partial copy/paste) [msg "Request Missing an Accept Header"> [severity "NOTICE"> [ver "OWASP_CRS/3.0.0"> [maturity "9"> [accuracy "8"> [tag "Host: 127.0.0.1:80">

• 

  cPanelMichael

  • January 27, 2017 17:56

  [msg "Request Missing an Accept Header"> [severity "NOTICE"> [ver "OWASP_CRS/3.0.0"> [maturity "9"> [accuracy "8"> [tag "Host: 127.0.0.1:80">

  
  Hello, It looks like version 3.0.0 of the OWASP Mod_Security Core Rule Set is now available:
  head -10 /etc/apache2/conf.d/modsec_vendor_configs/OWASP/modsecurity_crs_10_setup.conf # --------------------------------------------------------------- # Core ModSecurity Rule Set ver.3.0.0 # Copyright (C) 2006-2014 Trustwave All rights reserved. # # The OWASP ModSecurity Core Rule Set is distributed under # Apache Software License (ASL) version 2 # Please see the enclosed LICENCE file for full details. # ---------------------------------------------------------------
  I'll look into getting the status on the feature request page updated. Thank you.

  0
• 

  ItsMattSon

  • January 28, 2017 04:16

  Thanks for the confirmation, cPanelMichael! Good to see we're on CRS3 now :D

  0

Please sign in to leave a comment.