We strive to make the OWASP ModSecurity CRS accessible to a wide audience of beginner and experienced users. We are interested in hearing any bug reports, false positive alert reports, evasions, usability issues, and suggestions for new detections.

Create an issue on GitHub to report a false positive or false negative (evasion). Please include your installed version and the relevant portions of your ModSecurity audit log.

Sign up for the CRS mailing list to ask general usage questions and participate in discussions on the CRS.

Join the #modsecurity channel on Freenode IRC to chat about the CRS.

If you’ve found a false negative/bypass/security report, please responsibly disclose these by sending an email to