v18 - WAF Patterns are not used anymore? How can the WAF patterns update?

In the new version, under "Pattern Updates" the WAF is not in the list anymore. Can you describe how the WAF patterns are updated?

Thanks

Parents Reply
  • Originally the WAF pattern update was meant to be a way to update the ModSecurity rules in the field in the case of a critical vulnerability, but in reality we never had a need for it. And in actual fact the rules havent been updated for quite some time.

    In v18 we are moving to OWASP 3.1 which brings completely new rules and a new rule engine so with this new version we decided to remove the old up2date WAF code and provide any future OWASP updates that there may be in MR's or major releases.

     

    Hope this explains the situation,

    Stuart

Children