asl-lite doesn't download all rules

Posted: Tue Mar 13, 2012 4:56 pm
by killerhorse

I have been using the Realtime Modsecurity Rules for some months, and I must say, you did, and you are still doing a great job.
For updating the rules I use asl-lite.
Some days ago, I opened a case bacause I had one small problem. I was asked if I use the 11_asl_data_loss.conf rules too. I didn't. Now I'm doing and the problem is solved.
My question is: Is it possible to update this rule file too, with asl-lite. asl-lite seems to download/update only some of the modsecurity rule files.

Re: asl-lite doesn't download all rules

Posted: Tue Mar 13, 2012 5:12 pm
by mikeshinn
Thanks for the question. Asl-lite fail safes right now to only download 2.5.13 compatable rules, and not 2.6.x rules because of the limitations we have in source built and other non-software managed environments in detected what version of mod_security is installed.

We're looking into ways to determine this in asl-lite. ASL already does this, as it can both detect whats installed and upgrade mod_security (as well as manage it and configured, plus allow you to change the rules and view events). So ASL will download rules that require newer versions of mod_security, like the DLP rules, to function, but asl-lite is far more limited because of its intended use (rule downloader).

We could potentially add a way to manually "declare" what version of mod_security you have installed, but we're also looking into if its possible for asl-lite to upgrade mod_security when newer rules require it.