Additional Resources
Note
The content on this page may be outdated. We are currently in the process of rewriting all of our documentation: please bear with us while we update our older content.
Free and Open-Source Community Help
- CRS GitHub repository. Open issues for bugs, report false positives, and access the source code.
- CRS Slack channel. Come and talk to the CRS community. If you don’t have access yet, get your invite here.
- ModSecurity Users Mailing List (SourceForge): General discussion about ModSecurity.
- ModSecurity Developers Mailing List (SourceForge): Development discussion about ModSecurity.
- There is an extended set of tutorials at netnea.com, that introduces the CRS integration and the handling of false positives with great detail. It is worth checking out:
- Tutorial 6: Embedding ModSecurity
- Tutorial 7: Including OWASP CRS
- Tutorial 8: Handling False Positives with OWASP CRS
Commercial Help
- TBD
- ModSecurity Training
Books about ModSecurity
- ModSecurity Handbook
- ModSecurity Handbook is “The definitive guide to the popular open source web application firewall”, by Christian Folini and Ivan Ristić. The book is available from Feisty Duck in hard copy or with immediate access to the digital version which is continually updated.
- Web Application Defender’s Cookbook: Battling Hackers and Defending Users
- The Web Application Defender’s Cookbook: Battling Hackers and Protecting Users is a book written by previous ModSecurity Project Lead and OWASP ModSecurity Project Lead Ryan Barnett. The book outlines critical defensive techniques to protect web applications and includes example ModSecurity rules/scripts.
- ModSecurity 2.5
- ModSecurity 2.5 is “A complete guide to using ModSecurity”, written by Magnus Mischel. The book is available from Packt Publishing in both hard copy and digital forms.*
- Apache Security
- Apache Security is a comprehensive Apache Security resource, written by Ivan Ristic for O’Reilly. Two chapters (Apache Installation and Configuration and PHP) are available as free download, as are the Apache security tools created for the book.
- Preventing Web Attacks with Apache
- Preventing Web Attacks with Apache. Building on his groundbreaking SANS presentations on Apache security, Ryan C. Barnett reveals why your Web servers represent such a compelling target, how significant exploits are performed, and how they can be defended against.