We just recently purchased a subscription and are testing it out on one of our servers. My question is there any need for the following modsecurity files as they may result in duplicate rules?

modsecurity_crs_21_protocol_anomalies.conf
modsecurity_crs_23_request_limits.conf
modsecurity_crs_40_generic_attacks.conf
modsecurity_crs_45_trojans.conf
modsecurity_crs_50_outbound.conf


Thank you,

You would normally not use any of the config/rules files supplied with mod_security itself -- you would only use the ones supplied with your subscription.

If you have a full ASL subscription and you use Plesk then there's an auto-installer and auto-updater. If you subscribe to the rules only then the situation is slightly different and as I don't know much about it I can't really comment. I'm sure Mike/Scott will supply the required info.

Yes, most of these don't matter. modsecurity_crs_40_generic_attacks.conf has been the most useful. As long as those rules are covered I'll remove them when confirmation is received.

You don't any of them, its all covered in our rules. Although if you want to use both it won't hurt, they use different IDs (we have a reserved range too). Although it will use up more resources to run both sets.

Plus you have to tune all the core rules, so expect false positives with those rules until you do that.