8000 Prepare canned responses for dev-on-duty · Issue #2187 · coreruleset/coreruleset · GitHub
[go: up one dir, main page]
More Web Proxy on the site http://driver.im/
Skip to content

Prepare canned responses for dev-on-duty #2187

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
dune73 opened this issue Sep 2, 2021 · 7 comments
Closed

Prepare canned responses for dev-on-duty #2187

dune73 opened this issue Sep 2, 2021 · 7 comments
Assignees
@theseion @dune73
Labels
📖 documentation Improvements or additions to documentation

Comments

@dune73
Copy link
Member
dune73 commented Sep 2, 2021
edited
Loading

In order to avoid repeating ourselves, we ought to prepare a few canned responses that address 80-90% of the new issues.

Open question: What responses do we need?

  • FP: Please provide missing information
  • FP: Won't fix due to higher PL, please help yourself with a RE
  • FP: Won't fix due to problem with libinjection beyond our reach, please help yourself with a RE
  • FP: Have you activated rule exclusion package? If not, please do.
@fzipi
Copy link
Member
fzipi commented Sep 19, 2021

I think we can start with these, that will cover probably 90% of the responses.

@fzipi fzipi added the 📖 documentation Improvements or additions to documentation label Sep 19, 2021
@dune73 dune73 mentioned this issue Sep 19, 2021
Closed
@dune73
Copy link
Member Author
dune73 commented Sep 20, 2021

Issue covered in the September issue chat.

@theseion volunteered to come up with a few drafts. @dune73 will refine and finish the texts afterwards.

@dune73 dune73 self-assigned this Sep 20, 2021
@theseion
Copy link
Contributor
theseion commented Oct 3, 2021

missing info

Hi! Thanks for submitting this issue.

Unfortunately, you did not include enough information for us to actually help you. Please provide the following if possible:

  • audit log extract
  • web server and version
  • ModSecurity connector version
  • CRS version

won't fix higher PL

Hi! Thanks for submitting this issue.

Unfortunately, we cannot help you. With the few resources we have we strive to provide the best possible experience for paranoia level 1. Using higher paranoia levels requires much more work and is usually very specific to the environment CRS is deployed in.

One often used technique for dealing with such issues on higher paranoia levels is to use rule exclusions (RE). Look at the included RE packages to get an idea of how this can be done (see also crs-setup.conf.example).

won't fix libinjection

Hi! Thanks for submitting this issue.

Unfortunately, we cannot help you. The issue you've raised is actually specific to libinjection and we don't have the resources to fully investigate or fix such issues. If you have the skills to do so yourself though, that would be amazing!

One often used technique for dealing with issues in libinjection is to use rule exclusions (RE). Look at the included RE packages to get an idea of how this can be done (see also crs-setup.conf.example).

activate RE

Hi! Thanks for submitting this issue.

You should actually be covered by our standard suite of rule exclusion (RE) packages. Did you forget to enable the RE package for your case? Look at crs-setup.conf.example to see how you would enable one of the RE packages.

@dune73
Copy link
Member Author
dune73 commented Nov 3, 2021

Thank you very much @theseion. Perfect to get me started. I've taken your drafts and expanded on https://github.com/coreruleset/coreruleset/wiki/Dev-on-Duty:-Response-Templates. Please check.

@fzipi
Copy link
Member
fzipi commented Nov 14, 2021

@theseion Do you think this one is ready to close?

@theseion
Copy link
Contributor

Sure. @dune73?

@dune73
Copy link
Member Author
dune73 commented Nov 14, 2021

Yes, I think we're done. Thanks.

@dune73 dune73 closed this as completed Nov 14, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@theseion theseion

@dune73 dune73 4084

Labels
📖 documentation Improvements or additions to documentation
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@theseion @dune73 @fzipi
0