Updating ModSecurity when using OWASP rule sets

Question

I am somewhat new to Modsecurity and still have a long way to go so bear with me. Ubuntu 18.04

I'm currently running Modsecurity 2.9.2-1 and OWASP rules 3.0.2

I would like to update the rules to what's currently available on github, which is 3.1.0.

I found that there is a binary in /usr/bin called mlogc so I'm wondering if that needs to also be updated or if I can simply replace the rules and all the other conf files etc and that will still work?

Or would I have to un install the entire mod security system and re-install?

For example..... What if I just copied OWASP ModSecurity Core Rule Set ver.3.2.0 right over the top of OWASP ModSecurity Core Rule Set ver.3.0.2

and then copied all the rules for 3.1.0 (latest rule sets)

Thanks

PS Is there an active forum where Modsecurity is discussed?

score 1 · Answer 1 · answered Mar 08 '19 at 19:46

1

Since your ModSecurity is recent (>2.8), simply replacing the OWASP CRS rules with new ones is ok.

Github is the preferred way to download and install CRS.

git clone https://github.com/SpiderLabs/owasp-modsecurity-crs.git

answered Mar 08 '19 at 19:46

Esa Jokinen

43,252
2
75
122

Updating ModSecurity when using OWASP rule sets

1 Answers1