Closed airween closed 4 years ago
Now that I see this one, shouldn't we use 3.3
as version?
Now that I see this one, shouldn't we use
3.3
as version?
we've discussed about the version, and the conclusion was we can use the 3.2, as in cas of every other rule.
Cool. So we merge this one, and if we need in the future we update everything to the needed version.
In the monthly chat meeting from May 4 we decided to merge this PR: https://github.com/SpiderLabs/owasp-modsecurity-crs/issues/1749#issuecomment-623634756
This PR fixes #650.
A small footnote for this modification: I generated a spreadsheet for the better visibility of changes.
The column E/F contains the status of actions before, J/K after the modification. The
PL control
is a formula, if theid
of the rule is ended up with...011
,...012
. If it's "yes", thenNeed 'ver' act.
is "no". This means thePL control
rules didn't got thever
action now.Need to add
column is "yes" if the action should be at rule (it's not PL control rule) but there isn't yet. If this is "yes" the script added it.If the rule needs the
ver
and contains it after the modification, then theCheck
field isOK
- but doesn't matter that the action was present or not. All fields must beOK
in this column.The
Changed
fields indicates that a change has been made (was not present before - it present after).Definition of
PL control
:I think this form describes the rules with
skipAfter
actions and doesn't affect exclusion rules. The modification affects all otherSecRule
andSecAction
entries.Let me know if there are still missing any
ver
action, or if it's unnecessary.Note, of course, the modification follows the expected sequence of actions.