Thanks for the feedback. This RBL has been changed in the real time rules and was released today. Real time rules are released daily. We'll also make the update in the free rules when the next release is published. Free rule releases are made when our schedule allows. The next free release is scheduled for November.
Also, as Scott mentioned, the RBL have been completed disabled in ASL by default for years - its an experimental feature and you have to turn it on. ASL also manages the rules, so it doesnt matter whats not commented out in the rule files - ASL will enable/disable rules for you. You do not have to comment anything out (so it also doesnt matter if its in a rule file or not).
If you are not using ASL, then yes you need to manually configure the rules to meet your needs. This process is documented here:https://www.atomicorp.com/wiki/index.php/Mod_security
As to the rules, we publish our free rules as a courtesy and appreciate any feedback. As you may know, we were the first people to publish mod_security rules. No one has been publishing rules longer than we have, and we've always made our feed available for free. Thank you for the feedback, and we hope you are enjoying the use of our rules for free.
Just to clarify, we publish two versions of our rules:
RealTime Rules: The latest and greatest version of the rules, with all the performance enhancements, new security features and bug fixes released by us on a daily basis. These rules are fully supported and are recommended for production use.
If you use Atomic Secured Linux, the rules are managed by the system and you dont have to manually configure the rule files or anything.
Free/Delayed Rules: These are a subset of the realtime rules (because they don't have all the updates of the real time rules, features go into the real time rules first, so they will be missing new features in the real time rules). They are also based on older versions of the rules and are released several times a year. These rules are not supported and are only recommended for those sites with the expertise to manage and tune them for their systems. If you need production quality supported rules, use the Real Time rules. The website should not have said they are delayed 30 days, we've updated that now and thank you for bringing that to our attention. The free rules are released several times a year on a non-standard schedule.