OWASP ModSecurity Core Rule Set Sensitivity Off

SiTaylor · October 17, 2019, 2:43pm

In the Web Application Firewall

### Package: OWASP ModSecurity Core Rule Set

OWASP Core Ruleset (2013) provides protection against common attack categories, including SQL Injection and Cross-Site Scripting. There are two primary settings, Sensitivity and Action.

In the below article it describes what Low, Medium and High mean for Sensitivity but I can’t find what “OFF” means. Does it mean the sensitivity if off, so any score will trigger a challenge (or applied action) or does it mean the OWASP core ruleset is off, or something else?

domjh · October 17, 2019, 4:13pm

Hi @SiTaylor,

I believe that if you select ‘Off’ there, it means that those rules will not trigger at all.

system · November 16, 2019, 2:43pm

This topic was automatically closed after 30 days. New replies are no longer allowed.