CRS - OWASP ModSecurity Core Rule Set



The OWASP ModSecurity Core Rule Set (CRS) is a set of generic attack detection rules for use with ModSecurity or compatible web application firewalls. The CRS aims to protect web applications from a wide range of attacks, including the OWASP Top Ten, with a minimum of false alerts.

The Core Rule Set provides protection against many common attack categories, including:
  • SQL Injection (SQLi)
  • Cross Site Scripting (XSS)
  • Local File Inclusion (LFI)
  • Remote File Inclusion (RFI)
  • Remote Code Execution (RCE)
  • PHP Code Injection
  • HTTP Protocol Violations
  • HTTPoxy
  • Shellshock
  • Session Fixation
  • Scanner Detection
  • Metadata/Error Leakages
  • Project Honey Pot Blacklist
  • GeoIP Country Blocking

New Features in CRS 3

CRS 3 includes many coverage improvements, plus the following new features:
  • Over 90% reduction of false alerts in a default install
  • A user-defined Paranoia Level to enable additional strict checks
  • Application-specific exclusions for WordPress Core and Drupal
  • Sampling mode runs the CRS on a user-defined percentage of traffic
  • SQLi/XSS parsing using libinjection embedded in ModSecurity


For a full list of changes in this release, see the CHANGES document.

Installation

CRS 3 requires an Apache/IIS/Nginx web server with ModSecurity 2.8.0 or higher.

Download CRS:
git clone https://github.com/SpiderLabs/owasp-modsecurity-crs.git

After download, copy crs-setup.conf.example to crs-setup.conf. Optionally edit this file to configure your CRS settings. Then include the files in your web server configuration, crs-setup.conf first, since the rule files depend on the settings it defines:
Include /.../crs-setup.conf
Include /.../rules/*.conf

For detailed installation instructions, see the INSTALL document. Also review the CHANGES and KNOWN_BUGS documents.
You can update the rule set using the included script util/upgrade.py.

Handling False Positives and Advanced Features

Advanced features are explained in crs-setup.conf and in the rule files themselves. The crs-setup.conf file is usually a very good entry point for exploring the features of the CRS.
We are trying hard to reduce the number of false positives (false alerts) in the default installation. But sooner or later, you may still encounter false positives.
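As an added example, not part of the CRS project's own files, this Apache httpd fragment wires up the two Include lines from the Installation section in the required order, sets the Paranoia Level described above, and shows where a false-positive exclusion belongs. The install path /etc/modsecurity/crs, the parameter name comment_body and the choice of paranoia level 2 are assumptions; the id 900000 SecAction is the same block crs-setup.conf ships (commented out by default) for this setting, and 942100 is the CRS libinjection SQLi rule.

```apache
# Assumed clone location of the CRS repository (see the git command above).
# mod_security2 must already be loaded; ModSecurity 2.8.0+ is required.
<IfModule security2_module>
    SecRuleEngine On

    # 1. Engine settings (tx.* variables) MUST be loaded before the rules.
    Include /etc/modsecurity/crs/crs-setup.conf

    # Optional: set the Paranoia Level here instead of uncommenting the
    # block in crs-setup.conf (do not do both, or the id will clash).
    # Level 1 is the default; each higher level enables stricter checks
    # and raises the false-positive rate, so raise it one step at a time.
    SecAction \
      "id:900000,\
       phase:1,\
       nolog,\
       pass,\
       t:none,\
       setvar:tx.paranoia_level=2"

    # 2. The rule files themselves.
    Include /etc/modsecurity/crs/rules/*.conf

    # 3. Site-specific exclusions for false positives go AFTER the rules,
    #    because SecRuleUpdateTargetById / SecRuleRemoveById act on rules
    #    that are already loaded. This example stops the libinjection SQLi
    #    rule from inspecting one free-text form field (assumed name) that
    #    legitimately contains SQL-looking text, instead of disabling the
    #    rule for the whole site.
    SecRuleUpdateTargetById 942100 "!ARGS:comment_body"
</IfModule>
```

Narrow the exclusion to the one parameter and one rule id that your audit log shows firing; removing a rule globally with SecRuleRemoveById should be the last resort.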

Christian Folini's tutorials on installing ModSecurity, configuring the CRS and handling false positives provide in-depth information on these topics.

Core Team