The OWASP ModSecurity Core Rule Set (CRS) is a set of generic attack detection rules for use with ModSecurity or compatible web application firewalls. The CRS aims to protect web applications from a wide range of attacks, including the OWASP Top Ten, with a minimum of false alerts. The CRS provides protection against many common attack categories, including:
- SQL Injection (SQLi)
- Cross Site Scripting (XSS)
- Local File Inclusion (LFI)
- Remote File Inclusion (RFI)
- PHP Code Injection
- Java Code Injection (new in CRS 3.1)
- Unix/Windows Shell Injection
CRS 3 includes many coverage improvements, plus the following new features:
- Over 90% reduction of false alerts in a default install
- A user-defined Paranoia Level to enable additional strict checks
- Application-specific exclusions for WordPress Core and Drupal
- Sampling mode runs the CRS on a user-defined percentage of traffic
- SQLi/XSS parsing using libinjection embedded in ModSecurity
- Java and PHP code injection/deserialization rules
For a full list of changes in this release, see the CHANGES document.