mod_security 2.7.3 from CentOS is pretty old and pretty broken. The crs package is equally out of date. Recompiling mod_security from a more recent fedora SRPM and grabbing the OWASP core-rule-set from git will yield much better results, in my opinion. On 07/16/2017 02:32 PM, Nicolas Kovacs wrote: > Hi, > > I'm currently fiddling with mod_security, and before going any further, > I simply wanted to ask here for any recommended documentation/tutorials > on the subject. There seems to be a lot of information about > mod_security out there, and right now I have a bit of a hard time > wrapping my head around it. > > I'm grateful for any suggestions. > > Cheers, > > Niki Kovacs