The OWASP ModSecurity Core Rule Set (CRS) is a curated, generic Web Application Firewall rule set that detects and blocks common attack categories across most web applications. It focuses on broad protection (SQL injection, cross-site scripting, local/remote file inclusion, command injection, and protocol violations) without requiring application-specific knowledge. Rules are organized into paranoia levels so operators can tune detection aggressiveness and balance false positives against coverage. An anomaly-scoring model accumulates rule hits per request and compares the total against a configurable threshold, enabling nuanced blocking decisions and easier incident triage. The project ships with extensive documentation, exclusion packages, and testing tools to help tailor deployment for frameworks, CDNs, and APIs. Deployed on engines such as ModSecurity or compatible WAFs, CRS is a widely used baseline for HTTP security in reverse proxies and gateways.
Features
- Provides sets of rules targeting OWASP Top Ten vulnerabilities (e.g., SQL injection, XSS, LFI)
- Designed to work with ModSecurity and compatible WAF engines
- Generic rulebase aimed at broad web application protection
- Actively maintained project with regular rule updates
- Community-driven with official repository and documentation
- Flexible integration with existing WAF configurations, including rule exclusions to reduce false positives