Latest rules no longer include Just In Time Patches?

Community support forums for the free/delayed modsecurity rules feed. There is no such thing as a bad question here as long as it pertains to using the delayed modsecurity rules feed. Newbies feel free to get help getting started or asking questions that may be obvious.
kdean
Forum User
Forum User
Posts: 5
Joined: Sun Jul 14, 2013 10:29 pm
Location: Orlando, FL

Latest rules no longer include Just In Time Patches?

Unread post by kdean »

Previous delayed rules had the Just In Time Patches (99_asl_jitp.conf), but the latest July 14th release indicates the Realtime rules is now required for them.

Is this a new intended change?
User avatar
mikeshinn
Atomicorp Staff - Site Admin
Atomicorp Staff - Site Admin
Posts: 4149
Joined: Thu Feb 07, 2008 7:49 pm
Location: Chantilly, VA

Re: Latest rules no longer include Just In Time Patches?

Unread post by mikeshinn »

Yes, the delayed rules no longer include the Just In Time patches. JITPs are supposed to be real time anyway, and their inclusion in a delayed ruleset means you wont seem them anyway for months, which means you're exposed to all those vulnerabilities for months. Plus they change regularly, and we dont want people to have a false sense of security either.

So we dont want people to get the wrong idea that these are "Just In Time" if you are using delayed rules. "Just In Time" = Real Time.

If you want access to the JITPs you want to use the real time rules:

https://www.atomicorp.com/products/modsecurity.html
kdean
Forum User
Forum User
Posts: 5
Joined: Sun Jul 14, 2013 10:29 pm
Location: Orlando, FL

Re: Latest rules no longer include Just In Time Patches?

Unread post by kdean »

I was less concerned with the "Just in Time" part of it versus having some application patches for old software that some of my clients are never updating. Without that they're open to known exploits. I'll look into the realtime patches.
Post Reply