The OWASP® ModSecurity Core Rule Set (CRS) is a set of generic attack detection rules for use with ModSecurity or compatible web application firewalls. The CRS aims to protect web applications from a wide range of attacks, including the OWASP Top Ten, with a minimum of false alerts. The CRS provides protection against many common attack categories, including:
- SQL Injection (SQLi)
- Cross Site Scripting (XSS)
- Local File Inclusion (LFI)
- Remote File Inclusion (RFI)
- PHP Code Injection
- Java Code Injection
- HTTPoxy
- Shellshock
- Unix/Windows Shell Injection
- Session Fixation
- Scripting/Scanner/Bot Detection
- Metadata/Error Leakages
Current version: 4.0.0 (Major Release)
New Features in CRS 4
CRS 4 includes many coverage improvements, plus the following new features:
- Plug-in architecture allowing official and third-party plugins to integrate into CRS
- Early-Blocking option
- Over 500 individual rule bypasses closed following a large bug bounty project
- New web shell detection
- Full RE2/Hyperscan compatibility for better performance
- Support for HTTP/3
- More granular reporting options
For a more detailed list of changes, see the blog post accompanying CRS 4.0.0, or check the CHANGES document for the full list.