We will take a vanilla installation of the OWASP ModSecurity Core Rule Set (CRS) that is troubled by a large number of false positives and tune away the unwelcome alarms, so that we get a clearer view of the real attackers.

Table of Contents

What are we doing?
Why are we doing this?
Requirements
Step 1: Defining a Policy to Fight False Positives
Step 2: Getting an Overview
Step 3: The first batch of rule exclusions
Step 4: Reducing the anomaly score threshold
Step 5: The second batch of rule exclusions
Step 6: The third batch of rule exclusions
Step 7: The fourth batch of rule exclusions
Step 8: Summarizing all rule exclusions
Step 9 (Goodie): Getting a quicker overview
References
License / Copying / Further use

What are we doing?