The OWASP® ModSecurity Core Rule Set (CRS) is a set of generic attack detection rules for use with ModSecurity or compatible web application firewalls. The CRS aims to protect web applications from a wide range of attacks, including the OWASP Top Ten, with a minimum of false alerts. The CRS provides protection against many common attack categories, including:

  • SQL Injection (SQLi)
  • Cross Site Scripting (XSS)
  • Local File Inclusion (LFI)
  • Remote File Inclusion (RFI)
  • PHP Code Injection
  • Java Code Injection
  • Unix/Windows Shell Injection
  • Session Fixation
  • Scripting/Scanner/Bot Detection
  • Metadata/Error Leakages

New Features in CRS 4

CRS 4 includes many coverage improvements, plus the following new features:

  • Plug-in architecture allowing official and third-party plugins to integrate into CRS
  • Early-Blocking option
  • Over 500 individual rule bypasses closed following a big Bug Bounty project
  • New web shell detection
  • Full RE2/Hyperscan compatibility for better performance
  • Support for HTTP/3
  • More granular reporting options

For a more detailed list of changes, see the blog post accompanying CRS 4.0.0, or check the CHANGES document for the full list.

Gold Sponsors

Google