Page 1 of 1

Difference between modsec-2.7-free-latest and modsec-version

Posted: Sun Aug 04, 2013 6:38 pm
by fahnoe
First, thanks for making your RPMs available and the very thorough documentation on your site.

I'm just getting my feet wet with mod_security and after some digging I'm puzzled about the delayed rules, specifically the difference between the "free-latest" vs the one referenced by WAF_DELAYED_VERSION in the VERSION file. Example:


The FAQ section "Why do you use a VERSION file method?" indicates you want people to use the one referenced by WAF_DELAYED_VERSION I think, but what is the difference between the two?

I started with DetectionOnly and the free-latest, and after some tests have switched SecRuleEngine On. I'm wondering if I should stick with the "free-latest" or revert to the older rules in the other file. I'm using mod_security 2.7.5 and intending to protect a small wordpress site.


Re: Difference between modsec-2.7-free-latest and modsec-ver

Posted: Tue Aug 06, 2013 8:30 am
by scott
The modsec-2.7-free-latest.tar.bz2 set is a delayed subset of the rules available in ASL or a real-time feed.