Scott/Mike - maybe it would be sensible not to have those particular rules enabled by default in the delayed rules?
Thanks for the suggestion Faris, we don't enable or disable anything with the free/unsupported/delayed rules. Thats all up to the user. Unlike with ASL, users of the free/unsupported/delayed rules just download whatever conf files they want and configure Apache themselves, we dont enable, configure or install anything, the user does. So if its enabled, they enabled it, which is why we provide instructions about the optimal configuration of our rules (which includes not enabling the RBL rules). So, if the RBL rules are enabled, its because the user enabled them, per the wiki:https://www.atomicorp.com/wiki/index.ph ... rity_2.5.x
The recommended ruleset to load is:
So, if you have the RBL rules enabled, go back and make sure you followed our instructions about setting up modsecurity and not someone elses.
For ASL users, this is moot since the RBL rules are disabled by default, plus you can control that from the GUI. In ASL 3.0 this all changes, as RBLs will be something the user defines and it will be generated.
For users that dont use ASL, they will have to do what they do now, manually configure things for their needs and read the documentation online.