The OWASP® ModSecurity Core Rule Set (CRS) is a set of generic attack detection rules for use with ModSecurity or compatible web application firewalls. The CRS aims to protect web applications from a wide range of attacks, including the OWASP Top Ten, with a minimum of false alerts. The CRS provides protection against many common attack categories, including:

  • SQL Injection (SQLi)
  • Cross Site Scripting (XSS)
  • Local File Inclusion (LFI)
  • Remote File Inclusion (RFI)
  • PHP Code Injection
  • Java Code Injection
  • HTTPoxy
  • Shellshock
  • Unix/Windows Shell Injection
  • Session Fixation
  • Scripting/Scanner/Bot Detection
  • Metadata/Error Leakages

New Features in CRS 3

CRS 3 includes many coverage improvements, plus the following new features:

  • Over 90% reduction of false alerts in a default install
  • A user-defined Paranoia Level to enable additional strict checks
  • Application-specific exclusions for WordPress Core and Drupal
  • Sampling mode runs the CRS on a user-defined percentage of traffic
  • SQLi/XSS parsing using libinjection embedded in ModSecurity
  • Java and PHP code injection/deserialization rules
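
The paranoia level, sampling percentage and application-specific exclusions listed above are all switched on by the deployer in the CRS setup file rather than by editing rule files. The excerpt below is an added illustration, not text from this page or from the CRS repository; the rule IDs (900000, 900130, 900400) and the tx.paranoia_level, tx.crs_exclusions_wordpress and tx.sampling_percentage variables follow the crs-setup.conf template as I know it from CRS 3 and should be checked against the copy shipped with your release. The values shown (paranoia level 2, WordPress exclusions on, 25% sampling) are example settings, not defaults.

```apache
# Added example: crs-setup.conf fragments that enable the CRS 3 features
# named above. Each SecAction runs in phase 1 and only sets a transaction
# variable that the rule files read later; nothing is logged or blocked here.

# Paranoia level: rules are tagged with the level at which they become
# active. PL1 is the default; raising it enables stricter checks and
# accepts a higher chance of false alerts, so raise it one step at a time
# and review the audit log before going further.
SecAction \
 "id:900000,\
  phase:1,\
  nolog,\
  pass,\
  t:none,\
  setvar:tx.paranoia_level=2"

# Application-specific exclusions: tells the rule set that this host runs
# WordPress Core, so the known false-positive sources for that application
# are skipped instead of being tuned by hand.
SecAction \
 "id:900130,\
  phase:1,\
  nolog,\
  pass,\
  t:none,\
  setvar:tx.crs_exclusions_wordpress=1"

# Sampling mode: run the CRS on only this percentage of requests. Useful
# for a first rollout on a busy site to measure false alerts at a bounded
# cost; 100 (the default) inspects every request. Requests outside the
# sample receive no CRS inspection at all, so treat anything below 100 as
# a measurement setting, not a production one.
SecAction \
 "id:900400,\
  phase:1,\
  nolog,\
  pass,\
  t:none,\
  setvar:tx.sampling_percentage=25"
```

Because these are plain ModSecurity SecAction directives, the standard configuration check of your web server (for example, testing the configuration before a reload) will catch a syntax slip such as a missing backslash on a continued line.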

For a full list of changes in this release, see the CHANGES document.

Gold Sponsors

Edgio