Score:0

Is it okay to use core ruleset v3.3 on modsecurity v2.9

us flag

I am just a beginner in the field of security. I have installed ModSecurity v2.9 on my server using this link. But GitHub repository for the core rule set in the link was outdated, so later I removed the ruleset with the official ruleset. Is it okay to update core rules v3.3 with mod security v2.9? Will it break my site?

Score:1
us flag

In my opinion, it is not only okay but really recommended to do it.

You can also use the repository maintained by our own CRS developer and Debian Maintainer, Ervin, hosted at https://modsecurity.digitalwave.hu/

Regarding if it "will break your site", depends a lot on what you are hosting. There are lots of recommendations on how to begin (e.g. start with paranoia level 1), and if you are hosting one of the supported applications we have a predefined exclusion package that can be used (e.g. WordPress, Drupal, owncloud/nextcloud, etc.). Please check the documentation in the official webpage

mangohost

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.