First, thanks for making your RPMs available and the very thorough documentation on your site.
I'm just getting my feet wet with mod_security and after some digging I'm puzzled about the delayed rules, specifically the difference between the "free-latest" vs the one referenced by WAF_DELAYED_VERSION in the VERSION file. Example:
modsec-2.7-free-latest.tar.bz2
modsec-201305151625.tar.bz2
The FAQ section "Why do you use a VERSION file method?" indicates you want people to use the one referenced by WAF_DELAYED_VERSION I think, but what is the difference between the two?
I started with DetectionOnly and the free-latest, and after some tests have switched SecRuleEngine On. I'm wondering if I should stick with the "free-latest" or revert to the older rules in the other file. I'm using mod_security 2.7.5 and intending to protect a small wordpress site.
--Larry
Difference between modsec-2.7-free-latest and modsec-version
-
- Atomicorp Staff - Site Admin
- Posts: 8355
- Joined: Wed Dec 31, 1969 8:00 pm
- Location: earth
- Contact:
Re: Difference between modsec-2.7-free-latest and modsec-ver
The modsec-2.7-free-latest.tar.bz2 set is a delayed subset of the rules available in ASL or a real-time feed.