Regression Tests doesn't have YAML files for following attack and rules of different Paranoia Level
REQUEST-942-APPLICATION-ATTACK-SQLI = 942170
REQUEST-930-APPLICATION-ATTACK-LFI = 930130
REQUEST-920-PROTOCOL-ENFORCEMENT = 920140, 920410, 920171
REQUEST-932-APPLICATION-ATTACK-RCE = 932170, 932171, 932180, 932120
REQUEST-949-BLOCKING-EVALUATION = 949060 949061 949062 949063 949100
REQUEST-913-SCANNER-DETECTION = 913101, 913102
REQUEST-921-PROTOCOL-ATTACK = 921170
REQUEST-942-APPLICATION-ATTACK-SQLI = 942251
REQUEST-932-APPLICATION-ATTACK-RCE = 932106
REQUEST-933-APPLICATION-ATTACK-PHP = 933190
YAML files are not available for above mentioned attack and rules in this link:
https://github.com/SpiderLabs/owasp-modsecurity-crs/tree/v3.1/dev/util/regression-tests/tests
Regression Test should have all rules of all attack at different paranoia level
As there is no YAML Files to simulate attacks, I am not able to run attack tests.
I am using WAFBench PyWB in conjunction with YAML Files to simulate attack traffic of different types against WAF Supported LB.
Client -> LB -> Backend Server
Yes, there are still a few gaps, true.
Would you be interested to help us creating some tests for these?
Thanks for the quick response. Sure. Will give it a try
Way to go man. We're happy to assist you, if you encounter any problems.
Thank You
Most helpful comment
Thanks for the quick response. Sure. Will give it a try