What happend to the experimental rules from v2?

SpiderLabs / owasp-modsecurity-crs

OWASP ModSecurity Core Rule Set (CRS) Project (Official Repository)

https://modsecurity.org/crs

Apache License 2.0

2.45k stars 726 forks source link

What happend to the experimental rules from v2? #1670

Closed JStyle21 closed 4 years ago

JStyle21 commented 4 years ago

Hi,

This is more of a question, i was looking to use a rule that was in v2's experimental folder but i don't see it on v3, can i just copy paste to add a new regex as a rule for v3?

dune73 commented 4 years ago

You can - at your own risk.

When the current management took over the project and aimed for v3, we had to set priorities and the experimental rules looked like something few people used, very little experience with it and we did not find them attractive from cursory glance.

JStyle21 commented 4 years ago

Ok, 2 questions then

There is nothing missing or changed in v3 that would prevent those rules from running?
Can i just straightforward copy the copy rules and they work, or does v3 now require some change made to the rules?

dune73 commented 4 years ago

If you are running in anomaly scoring mode, then the names of the variables have changed.

Generally, you should never just copy rules into your production setup. We curate the official CRS3 rules, so the risk is more or less contained. Legacy experimental rules do not come with this protection.

You should look at the rules, try to understand them, test them throughly and only then should you deploy them. This is at your own risk.