modsecurity-crs for Debian -------------------------- New way ------- There's a new way to handle which CRS rules are included in the ModSecurity configuration. A new directory /usr/share/modsecurity-crs/activated_rules/ would contain symlinks to those rules you want to use. There's a README file in that dir with all the details. If you'd rather use this way, your configuration file should include CRS rules as: Include /usr/share/modsecurity-crs/*.conf Include /usr/share/modsecurity-crs/activated_rules/*.conf You may, of course, keep doing it the "old way". :-) Old way ------- If you want to use modsecurity's CRS rules just include the following configuration snippet in your modsecurity configuration (usually under /etc/modsecurity): Include /usr/share/modsecurity-crs/*.conf Include /usr/share/modsecurity-crs/base_rules/*.conf Under /usr/share/modsecurity-crs/ you may also find other *_rules/ directories with more experimental or "violent" rules. -- Alberto Gonzalez Iniesta Fri, 16 Mar 2012 17:32:01 +0100