Latest rules no longer include Just In Time Patches?

Posted: Sun Jul 14, 2013 10:41 pm
by kdean
Previous delayed rules had the Just In Time Patches (99_asl_jitp.conf), but the latest July 14th release indicates the Realtime rules is now required for them.

Is this a new intended change?

Re: Latest rules no longer include Just In Time Patches?

Posted: Tue Jul 16, 2013 10:35 am
by mikeshinn
Yes, the delayed rules no longer include the Just In Time patches. JITPs are supposed to be real time anyway, and their inclusion in a delayed ruleset means you won't see them anyway for months, which means you're exposed to all those vulnerabilities for months. Plus they change regularly, and we don't want people to have a false sense of security either.

So we don't want people to get the wrong idea that these are "Just In Time" if you are using delayed rules. "Just In Time" = Real Time.

If you want access to the JITPs you want to use the real time rules:

https://www.atomicorp.com/products/modsecurity.html

Re: Latest rules no longer include Just In Time Patches?

Posted: Tue Jul 16, 2013 1:48 pm
by kdean
I was less concerned with the "Just in Time" part of it versus having some application patches for old software that some of my clients are never updating. Without that they're open to known exploits. I'll look into the realtime patches.