Blog

Running CRS rules only on certain parameters

Hi, I’m a newcomer to the ModSecurity community and am currently learning about how ModSecurity works with the Core Rule Set and can be used to perform “Virtual Patches” against vulnerable web applications. I have learnt lots reading the rules in the CRS and reading the ModSecurity Handbook written by Christian Folini and Ivan Ristić. …

Running CRS rules only on certain parameters Read More »

CRS Project News August 2017

This is the CRS newsletter covering the period from July until today. What has happened during the last few weeks: We held our community chat last Monday. We have been eight people including Manuel Spartan who participated on the development of the paranoia mode. The big topic was disassembly of the optimized regular expressions that …

CRS Project News August 2017 Read More »

ModSecurity version 2.9.2 released

Trustwave has released ModSecurity version 2.9.2. This is an important update for users of the Core Rule Set. To detect SQL and XSS injections, CRS relies in part on the libinjection library by Nick Galbreath. This library is bundled with ModSecurity. It is regularly updated to address new types of injections. Therefore, to have optimal …

ModSecurity version 2.9.2 released Read More »