The OWASP ModSecurity Core Rule Set (CRS) is a set of generic attack detection rules for use with ModSecurity or compatible web application firewalls. The CRS aims to protect web applications from a wide range of attacks, including the OWASP Top Ten, with a minimum of false alerts.
The Core Rule Set provides protection against many common attack categories, including:
- SQL Injection (SQLi)
- Cross Site Scripting (XSS)
- Local File Inclusion (LFI)
- Remote File Inclusion (RFI)
- Remote Code Execution (RCE)
- PHP Code Injection
- HTTP Protocol Violations
- HTTPoxy
- Session Fixation
- Scanner Detection
- Metadata/Error Leakages
- Project Honey Pot Blacklist
- GeoIP Country Blocking
New Features in CRS 3
CRS 3 contains many security improvements, plus the following new features:
- Over 90% reduction of false alerts in a default install
- A user-defined Paranoia Level to enable more strict checks
- Application-specific exclusions for WordPress Core and Drupal
- Sampling mode runs the CRS on a user-defined percentage of traffic
- SQLi/XSS parsing using libinjection embedded in ModSecurity
CRS 3 requires an Apache/IIS/Nginx web server with ModSecurity 2.8.0 or higher.
git clone https://github.com/SpiderLabs/owasp-modsecurity-crs.git
After download, copy crs-setup.conf.example to crs-setup.conf. Optionally edit this file to configure your CRS settings. Then include the files in your web server configuration:
Include /.../crs-setup.conf
Include /.../rules/*.conf
Handling False Positives and Advanced Features
Advanced features are explained in the crs-setup.conf file and in the rule files themselves. The crs-setup.conf file is generally a good entry point to explore the features of the CRS.
We strive hard to reduce the number of false positives (false alerts) in the default installation. But eventually, you may encounter false positives nonetheless.
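Before adding an exclusion for a suspected false positive, it helps to see which rule, parameter and URI keep firing and for how many distinct clients. The following triage script is an added example, not part of the CRS project: the sample alert lines are constructed in the ModSecurity 2.x error-log style (the rule ids follow CRS 3 numbering, the clients, URIs and file path are made up), and the SecRuleUpdateTargetById directive it suggests is the editor's choice of exclusion mechanism, assumed to be placed in a file loaded after the CRS rules.

```python
import re
from collections import defaultdict

# Constructed sample alerts (not a real capture); hosts, URIs and payload text are invented.
SAMPLE_LOG = """\
[client 192.0.2.10] ModSecurity: Warning. detected SQLi using libinjection [file "/etc/crs/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [id "942100"] [data "Matched Data: s&1o found within ARGS:comment: that's one more"] [uri "/post"]
[client 192.0.2.11] ModSecurity: Warning. detected SQLi using libinjection [file "/etc/crs/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [id "942100"] [data "Matched Data: s&1o found within ARGS:comment: it's fine"] [uri "/post"]
[client 192.0.2.12] ModSecurity: Warning. detected SQLi using libinjection [file "/etc/crs/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [id "942100"] [data "Matched Data: s&1o found within ARGS:comment: don't worry"] [uri "/post"]
[client 198.51.100.7] ModSecurity: Warning. Pattern match at ARGS:id. [file "/etc/crs/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [id "942190"] [data "Matched Data: ... found within ARGS:id: (payload omitted)"] [uri "/item"]
[client 198.51.100.7] ModSecurity: Warning. Pattern match at ARGS:id. [file "/etc/crs/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [id "942190"] [data "Matched Data: ... found within ARGS:id: (payload omitted)"] [uri "/item"]
"""

ID_RE = re.compile(r'\[id "(\d+)"\]')
CLIENT_RE = re.compile(r'\[client ([^\]\s]+)')
URI_RE = re.compile(r'\[uri "([^"]*)"\]')
# The variable that matched appears in [data "..."] as "found within ARGS:name: value".
VAR_RE = re.compile(r'found within (\S+?):?(?:\s|")')

def parse_alert(line):
    """Return (rule_id, variable, uri, client) for one alert line, or None if it is not a CRS alert."""
    rid = ID_RE.search(line)
    if not rid:
        return None
    var, uri, client = VAR_RE.search(line), URI_RE.search(line), CLIENT_RE.search(line)
    return (rid.group(1),
            var.group(1) if var else "?",
            uri.group(1) if uri else "?",
            client.group(1) if client else "?")

def triage(log_text, min_clients=3):
    """Group alerts by (rule id, variable, uri) and keep groups seen from at least
    min_clients distinct clients. Many unrelated users tripping the same rule on the
    same parameter is the usual shape of a false positive; one client repeatedly
    hitting a rule is not, and is left out of the candidate list."""
    clients_by_group = defaultdict(set)
    for line in log_text.splitlines():
        alert = parse_alert(line)
        if alert:
            rid, var, uri, client = alert
            clients_by_group[(rid, var, uri)].add(client)
    return {k: len(v) for k, v in clients_by_group.items() if len(v) >= min_clients}

def exclusion_for(rule_id, variable):
    """ModSecurity 2.x directive that stops one rule from inspecting one variable
    (assumed to be placed in a file that is loaded after the CRS rule files)."""
    return f'SecRuleUpdateTargetById {rule_id} "!{variable}"'

if __name__ == "__main__":
    for (rid, var, uri), n in triage(SAMPLE_LOG).items():
        print(f"rule {rid} on {var} at {uri}: {n} distinct clients -> {exclusion_for(rid, var)}")
```

Narrowing the exclusion to the single parameter keeps the rule active everywhere else, which is preferable to removing the rule id outright.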