<div dir="ltr"><div>Hi Lukas,</div><br><div class="gmail_quote"><div dir="ltr">On Sun, Jan 10, 2016 at 11:05 AM Lukas <<a href="mailto:l@ymx.ch">l@ymx.ch</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">I found that recommendation.  Since I also read that it would not be<br>
fully compatible with OWASP/CRS I have not given it a try.<br>
<br>
What is the situation regrading OWASP/CRS?<br></blockquote><div><br></div><div>Currently there are three different versions of ModSecurity for nginx:</div><div><br></div><div>- Version 2.9.0: That is the last released version, I think that is the one that you are using.</div><div>- nginx_refactoring: That version contains some fixes on the top of v2.9.0, but those fixes may lead to instabilities depending on your configuration.</div><div>- ModSecurity-connector: That is something that still under development and we have some work to do, to be exactly:</div><div><br></div><div><a href="https://github.com/SpiderLabs/ModSecurity/labels/libmodsec%20-%20missing%20documentation">https://github.com/SpiderLabs/ModSecurity/labels/libmodsec%20-%20missing%20documentation</a></div><div><a href="https://github.com/SpiderLabs/ModSecurity/labels/libmodsec%20-%20missing%20features">https://github.com/SpiderLabs/ModSecurity/labels/libmodsec%20-%20missing%20features</a></div><div><a href="https://github.com/SpiderLabs/ModSecurity/labels/libmodsec%20-%20missing%20operators">https://github.com/SpiderLabs/ModSecurity/labels/libmodsec%20-%20missing%20operators</a><br></div><div><a href="https://github.com/SpiderLabs/ModSecurity/labels/libmodsec%20-%20missing%20transformation">https://github.com/SpiderLabs/ModSecurity/labels/libmodsec%20-%20missing%20transformation</a><br></div><div><a href="https://github.com/SpiderLabs/ModSecurity/labels/libmodsec%20-%20missing%20variables">https://github.com/SpiderLabs/ModSecurity/labels/libmodsec%20-%20missing%20variables</a><br></div><div><br></div><div>Only use the ModSecurity-connector if you understands well the ModSecurity rules and the consequences of the missing pieces. </div><div><br></div><div>Further information about libModSecurity can be found here:</div><div><a href="http://blog.zimmerle.org/2016/01/an-overview-of-upcoming-libmodsecurity.html">http://blog.zimmerle.org/2016/01/an-overview-of-upcoming-libmodsecurity.html</a><br></div><div>or: <a href="https://www.trustwave.com/Resources/SpiderLabs-Blog/An-Overview-of-the-Upcoming-libModSecurity/">https://www.trustwave.com/Resources/SpiderLabs-Blog/An-Overview-of-the-Upcoming-libModSecurity/</a></div><div><br></div><div>Br.,</div><div>Felipe.</div></div></div>