CRS is a set of generic attack detection rules for use with ModSecurity or compatible web application firewalls that is distributed under an Open Source license. Dubbed the first line of defense, CRS is the most widspread WAF rule set on the internet protecting more than 100 TBit/s of traffic globally.
NGINX is the Open Source (OSS) web server, reverse proxy and API gateway, that today powers over 400 million websites. NGINX provides a number of solutions bundled with NGINX OSS, including web application firewalls (WAFs), a Kubernetes Ingress Controller, a Service Mesh, and a controller with Application Delivery Controller (ADC), Application Security and API-Management capabilities.
NGINX appreciates the work done by the ModSecurity CRS community, supporting the many sites running the ModSecurity CRS module on top of NGINX to protect against the many security risks described by the OWASP Top Ten project.
The ModSecurity CRS project plans to use the sponsorship on projects for the developers, and to provide better support to the user community. The whole Covid-19 situation has been very taxing. We had to skip physical developer meetings and we want to bring them back in 2021. Furthermore, it is important to improve our reaction time to false positives as reported by our users.