View on GitHub

OWASP ModSecurity Core Rule Set (CRS)

Essential Protection Against Web Application Attacks

Download this project as a .zip file Download this project as a tar.gz file

What is the OWASP ModSecurity Core Rule Set (CRS)?

ModSecurity™ is a web application firewall engine that provides very little protection on its own. In order to become useful, ModSecurity™ must be configured with rules. In order to enable users to take full advantage of ModSecurity™ out of the box, Trustwave's SpiderLabs is sponsoring and maintaining a free certified rule set for the community. Unlike intrusion detection and prevention systems, which rely on signatures specific to known vulnerabilities, the OWASP ModSecurity Core Rule Set provides generic protection from unknown vulnerabilities often found in web applications, which are in most cases custom coded. The Core Rules are heavily commented to allow it to be used as a step-by-step deployment guide for ModSecurity™.

Protection Categories

In order to provide generic web applications protection, the Core Rules use the following techniques:

Authors and Contributors

Project Leads:

Support or Contact