Blog

CRS Developer Retreat 2021

The OWASP ModSecurity Core Rule Set team met for a one week developer retreat in the Swiss mountains to hack away at CRS together. We worked on several larger projects and ran seven additional workshops, all documented on our GitHub wiki. Why Switzerland? Switzerland is an expensive place, but most of our active developers live …

Working with Paranoia Levels

Paranoia Levels are an essential concept when working with the Core Rule Set. This blog post will explain the concept behind Paranoia Levels and how you can work with them on a practical level. Introduction to Paranoia Levels In essence, the Paranoia Level (PL) allows you to define how aggressive the Core Rule Set is. …

A new attempt to combine the CRS with machine learning

The following is a contributing blog post by Floriane Gilliéron. You can reach Floriane via firstname dot lastname at gmail.com. My Master Thesis from EPFL tackled the challenge of using machine learning to improve the performance of a ModSecurity web application firewall, used with the OWASP Core Rule Set. The initiators of the project were …

Disabling Request Body Access in ModSecurity 3 Leads to Complete Bypass

If you are running ModSecurity 3 with request body access disabled, then I have some bad news. Please sit down, this will be a while. If you are running ModSecurity 2, or you give the engine access to the request body, then you are not affected. But maybe you want to read this post nevertheless. …

Introducing msc_retest

This blog post is about msc_retest, a small family of tools that let you performance test the regular expression engine used inside various ModSecurity versions. As of this writing, the engine is PCRE, but we expect more options in the future.

CVE-2020-15598 – ModSecurity v3 Affected By DoS (Severity HIGH)

The OWASP ModSecurity Core Rule Set (CRS) team has identified a Denial of Service vulnerability in the underlying ModSecurity engine. It affects all releases in the ModSecurity v3 release line. The vendor, Trustwave SpiderLabs, has not released an update yet. However, we are providing users with a patch for ModSecurity and a workaround if they …