The OWASP® ModSecurity Core Rule Set (CRS) is a set of generic attack detection rules for use with ModSecurity or compatible web application firewalls. The CRS aims to protect web applications from a wide range of attacks, including the OWASP Top Ten, with a minimum of false alerts. The CRS provides protection against many common attack categories, including:
- SQL Injection (SQLi)
- Cross Site Scripting (XSS)
- Local File Inclusion (LFI)
- Remote File Inclusion (RFI)
- PHP Code Injection
- Java Code Injection
- HTTPoxy
- Shellshock
- Unix/Windows Shell Injection
- Session Fixation
- Scripting/Scanner/Bot Detection
- Metadata/Error Leakages
Current version: 3.3.5 (security update)
New Features in CRS 3
CRS 3 includes many coverage improvements, plus the following new features:
- Over 90% reduction of false alerts in a default install
- A user-defined Paranoia Level (1 to 4) to enable additional strict checks; each higher level activates more rules and also raises the false-positive rate
- Application-specific exclusions for WordPress Core and Drupal
- Sampling mode runs the CRS on a user-defined percentage of traffic
- SQLi/XSS parsing using libinjection embedded in ModSecurity
- Java and PHP code injection/deserialization rules
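The Paranoia Level and sampling mode above are both set through `SecAction` directives in `crs-setup.conf` before the rule files are included. The following is an added illustration, not the project's shipped configuration file; the rule IDs 900000 and 900400 and the `tx.paranoia_level` / `tx.sampling_percentage` variables are the ones CRS 3 reads, while the file paths in the `Include` lines are assumed and will differ per installation.

```apache
# Added example (not the project's own crs-setup.conf): the two tuning
# settings a deployment adjusts before including the CRS rule files.

# Paranoia Level: 1 (default) through 4. Each higher level activates
# additional, stricter rules and raises the false-positive rate accordingly,
# so raise it one step at a time and review the audit log between steps.
SecAction \
    "id:900000,\
    phase:1,\
    nolog,\
    pass,\
    t:none,\
    setvar:tx.paranoia_level=2"

# Sampling mode: run the CRS against only this percentage of requests
# (here 10%). Intended for a staged rollout or performance measurement;
# the other 90% of requests bypass the rules entirely, so this is a
# deployment aid, not a protection setting, and belongs at 100 in production.
SecAction \
    "id:900400,\
    phase:1,\
    nolog,\
    pass,\
    t:none,\
    setvar:tx.sampling_percentage=10"

# Assumed paths: the setup file must be loaded before the rule files so the
# tx.* variables above are defined when the rules evaluate them.
Include /etc/modsecurity/crs/crs-setup.conf
Include /etc/modsecurity/crs/rules/*.conf
```

After raising the Paranoia Level, the new hits show up in the ModSecurity audit log tagged with the level that introduced them (for example `paranoia-level/2`), which is the list to work through when writing rule exclusions for the application.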
For a full list of changes in this release, see the CHANGES document.