From years of experience, the CRS project has assembled a wealth of knowledge and advice on how to write clear and efficient WAF rules, as this page outlines.
The CRS project’s advice on rule writing is contained within the contribution guidelines, a document which can also be found in plain text form in CRS releases for offline reference. The guidelines contain invaluable guidance and tips on how to write rules, including:
- effective regular expression writing
- consistent formatting and indentation
- rule action order
- CRS paranoia level rule compliance
- writing rule tests
While some of the guidelines are specific to writing rules for inclusion in CRS, following the guidelines will help with the creation of any rule set by ensuring that rules are clear, efficient, easy to read, and easy to maintain.