
ModSecurity Core Rule Set

I use the OWASP Core Rule Set to automatically configure my WAF with generic attack detection rules. It's an essential layer for protecting web applications against the OWASP Top Ten with minimal false positives.

Visit coreruleset.org →

Questions & Answers

What is the OWASP ModSecurity Core Rule Set (CRS)?
The OWASP CRS is a set of generic attack detection rules written in ModSecurity's rule language (SecLang) for use with ModSecurity or other compatible web application firewalls. The rules are generic in the sense that they match attack classes rather than a particular application, and since CRS 3 they run in anomaly scoring mode by default: each matching rule adds a severity-based score to the request, and the request is blocked only when the total reaches a configurable threshold. It provides protection against a wide range of common web application attacks, including those listed in the OWASP Top Ten.
Who should use the OWASP Core Rule Set?
The OWASP Core Rule Set is for organizations and developers who want a maintained, general-purpose detection baseline for their web applications rather than writing WAF rules from scratch. It is particularly useful for those already running ModSecurity or a compatible WAF. Because the rules are generic, they still need per-application tuning: a paranoia level appropriate to the site and exclusion rules for the legitimate inputs that trigger false positives.
How does the OWASP Core Rule Set compare to other WAF rule sets?
The OWASP CRS is an open-source, community-driven project that provides a standardized, vendor-neutral baseline for WAF protection, whereas proprietary rule sets are tied to one vendor's engine and highly customized rule sets are tied to one application. Its generic rules are designed to detect a broad spectrum of attacks, with a stated aim of keeping false alerts low at the default paranoia level; higher paranoia levels enable stricter rules at the cost of more false positives.
When is the OWASP Core Rule Set typically deployed?
The OWASP Core Rule Set is deployed as a first line of defense for web applications, loaded into a web application firewall such as ModSecurity that runs in the web server or reverse proxy in front of the application. It provides immediate, broad coverage of common vulnerability classes and is a compensating control alongside secure coding and application-specific defenses, not a replacement for them. In practice it is first run in detection-only mode, the alerts are reviewed, exclusions are added for false positives, and only then is blocking switched on.
What types of attacks does the OWASP Core Rule Set protect against?
The OWASP Core Rule Set protects against numerous attack categories including SQL Injection, Cross-Site Scripting (XSS), Local File Inclusion (LFI), Remote File Inclusion (RFI), and Server-Side Template Injection (SSTI). It also covers detection of web shells and of scanner and bot activity. Each category lives in its own rule file and rule-ID range (for example 942xxx for SQLi, 941xxx for XSS, 930xxx for LFI, 931xxx for RFI, 913xxx for scanner detection), which is what you see in the id field of a ModSecurity alert and what you reference when writing an exclusion.
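To make the anomaly scoring described in the deployment and attack-category answers above concrete, here is an added example (not code from coreruleset.org or the CRS project) that parses ModSecurity 2.x-style alert lines from an Apache error log and recomputes the CRS inbound anomaly score per request. The severity scores and the threshold are the CRS defaults from crs-setup.conf; the log lines are constructed samples built by a small helper in the real field layout (the rule IDs and messages follow CRS naming, but the traffic, client, hostname and unique IDs are invented). The real blocking decision is taken by CRS rule 949110 inside the engine; this script only reproduces its arithmetic so you can see why one request is blocked and another is not, and how raising the paranoia level changes the result.

```python
"""Added example, not code from coreruleset.org or the CRS project.

Re-implements the arithmetic of CRS anomaly scoring (the default mode since
CRS 3) on top of ModSecurity 2.x error-log alert lines.  All log lines are
constructed samples; see _alert() below.
"""
import re

# CRS defaults from crs-setup.conf (rules 900100 and 900110).  Edit these to
# see how tuning the thresholds changes which requests would be blocked.
SEVERITY_SCORE = {"CRITICAL": 5, "ERROR": 4, "WARNING": 3, "NOTICE": 2}
INBOUND_THRESHOLD = 5

# ModSecurity writes alert metadata as [key "value"] pairs; tags repeat.
FIELD_RE = re.compile(r'\[(\w+) "((?:[^"\\]|\\.)*)"\]')


def parse_alert(line):
    """Return the quoted fields of one alert line as a dict.

    Unquoted prefixes such as [client 203.0.113.5:51234] are ignored by the
    regex.  Repeated [tag "..."] fields are collected under "tags"."""
    out, tags = {}, []
    for key, value in FIELD_RE.findall(line):
        if key == "tag":
            tags.append(value)
        else:
            out.setdefault(key, value)
    out["tags"] = tags
    return out


def paranoia_level(alert):
    """Paranoia level a rule belongs to, taken from its paranoia-level/N tag."""
    for tag in alert["tags"]:
        if tag.startswith("paranoia-level/"):
            return int(tag.split("/", 1)[1])
    return 1  # untagged rules are treated as base-level rules


def score_requests(lines, paranoia_level_enabled=1, threshold=INBOUND_THRESHOLD):
    """Sum severity scores per unique_id the way CRS does and flag requests
    whose total reaches the inbound threshold.

    Rules above the configured paranoia level are skipped, mirroring that CRS
    does not execute them at all; 949xxx (blocking evaluation) and 980xxx
    (correlation) lines report the score and must not be counted again."""
    per_request = {}
    for line in lines:
        if "ModSecurity:" not in line:
            continue
        alert = parse_alert(line)
        rid, uid = alert.get("id"), alert.get("unique_id")
        if rid is None or uid is None or rid.startswith(("949", "980")):
            continue
        if paranoia_level(alert) > paranoia_level_enabled:
            continue
        sev = alert.get("severity")
        if sev not in SEVERITY_SCORE:
            continue
        req = per_request.setdefault(uid, {"score": 0, "rules": []})
        req["score"] += SEVERITY_SCORE[sev]
        req["rules"].append(rid)
    for req in per_request.values():
        req["blocked"] = req["score"] >= threshold
    return per_request


def _alert(uid, rid, msg, severity, pl, uri):
    """Build a CONSTRUCTED Apache/ModSecurity 2.x error-log alert line in the
    real field layout (file, client, hostname and unique_id are invented)."""
    return (
        '[Mon Jan 01 10:00:00.000000 2024] [:error] [pid 100:tid 1] '
        '[client 203.0.113.5:51234] ModSecurity: Warning. Pattern match '
        f'[file "crs/rules/constructed.conf"] [line "1"] [id "{rid}"] '
        f'[msg "{msg}"] [severity "{severity}"] [ver "OWASP_CRS/3.3.4"] '
        f'[tag "OWASP_CRS"] [tag "paranoia-level/{pl}"] '
        f'[hostname "198.51.100.10"] [uri "{uri}"] [unique_id "{uid}"]'
    )


SAMPLE_LOG = [  # constructed sample traffic, three requests
    # req-A: SQL injection in a query parameter, one CRITICAL PL1 rule (5)
    _alert("req-A", "942100", "SQL Injection Attack Detected via libinjection",
           "CRITICAL", 1, "/index.php"),
    # req-B: sloppy but legitimate client: WARNING at PL1 (3) + NOTICE at PL2 (2)
    _alert("req-B", "920350", "Host header is a numeric IP address",
           "WARNING", 1, "/"),
    _alert("req-B", "920300", "Request Missing an Accept Header",
           "NOTICE", 2, "/"),
    # req-C: reflected XSS hitting two CRITICAL PL1 rules (5 + 5), then the
    # 949110 summary line, which must not add another 5
    _alert("req-C", "941100", "XSS Attack Detected via libinjection",
           "CRITICAL", 1, "/search"),
    _alert("req-C", "941110", "XSS Filter - Category 1: Script Tag Vector",
           "CRITICAL", 1, "/search"),
    _alert("req-C", "949110", "Inbound Anomaly Score Exceeded (Total Score: 10)",
           "CRITICAL", 1, "/search"),
    "[Mon Jan 01 10:00:01.000000 2024] [:notice] [pid 100:tid 1] unrelated line",
]

if __name__ == "__main__":
    for pl in (1, 2):
        print(f"paranoia level {pl}:")
        for uid, r in score_requests(SAMPLE_LOG, pl).items():
            verdict = "BLOCK" if r["blocked"] else "pass "
            print(f"  {verdict} {uid} score={r['score']} rules={r['rules']}")
```

Running it at paranoia level 1 blocks req-A and req-C while req-B passes with a score of 3; at level 2 the PL2 rule 920300 is counted as well, req-B reaches the threshold of 5 and would be blocked, which is exactly the kind of false positive a per-site exclusion rule for 920300 would be written to remove.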