CRS Project News December 2017

This is the CRS newsletter covering the period from Early November until today.

We held our monthly community chat. We had quite a few people stop by. Special thanks to lifeforms for leading the chat.

    • lifeforms
    • emphazer
    • franbuehler
    • spartantri
    • fzipi
    • hamlet_

Our agenda from before the chat is available here. We had a short chat, during the chat we discussed the following:

  • @dune73 will be attending German Open Source Business Awards. Chances look good that CRS will a top performer. More information can be found here
  • Using t:lowercase versus (?i) performance and best practice.
    • There is currently no definitive answer
    • A benchmark can be done using ModSecurity debug logs
    • @spartantri will reach out to contacts to determine best approach for measuring and update us next meeting.
  • There are an excessive amount of open PRs and Issues
    • All but three PRs have been assigned reviewers, we have to make a dent this month.
  • The Java rules, that are a key feature of 3.1 need some attention
    • The older versions are available here: https://github.com/SpiderLabs/owasp-modsecurity-crs/blob/95e7e6b3982eca93989c7948faca4a961737eace/rules/REQUEST-944-APPLICATION-ATTACK-JAVA.conf
    • A new ticket will be opened taking into account discussions from https://github.com/SpiderLabs/owasp-modsecurity-crs/pull/881/files
  • Badging
    • We may remove the gitter badge because we don’t feel big enough for two chats and IRC is preferred (more discussion next chat)
    • We should investigate other functional badges using https://github.com/OWASP/github-template as an example.
  • General question about determine if it is possible to determine if user is accessing via HOSTS file.
    • It is not
  • Travis and FTW PRs assigned to csanders
  • #957 rule split Move part to PL3 to prevent JSON false positives
  • PR #896 awaiting fgs update on the PR we think if the comments were taken into account it would be a quick and nice merge, but for now it’s stalled
  • Fizipi resolved the conflict 896 resolving the conflict on this one

The next community chats will be held on the following dates:

  • January 8, 2018 20:30 CET (Note: The change from our normal schedule)
  • February 5, 2018 20:30 CET
  • March 5, 2018 20:30 CET

Some nice new blog posts have come out on coreruleset.org

Leave a Comment

Your email address will not be published. Required fields are marked *