Search

Clear search

Close search

Main menu

Google apps

ModSecurity Core Rule Set project

1–30 of 90

Welcome to the OWASP Core Rule Set (CRS) project mailing list. Feel free to ask support and general questions about the projects or associated issues and we will do our best to support you.

- CRS Project Leads

0 selected

Blason R, Andrew Howe2

Mar 18

Can we enabled ICAP with modsecurity?

Hi Blason, > ...possible to activate the ICAP client... Is that to say you *have* a specific ICAP

unread,

Can we enabled ICAP with modsecurity?

Hi Blason, > ...possible to activate the ICAP client... Is that to say you *have* a specific ICAP

Mar 18

Michael Bullut, … Andrew Howe4

Mar 17

Inquiry About Project Honeypot Integration with ModSecurity...

Hello Michael, My apologies for the delay in getting this reply and information to you. The Project

unread,

Inquiry About Project Honeypot Integration with ModSecurity...

Hello Michael, My apologies for the delay in getting this reply and information to you. The Project

Mar 17

Mar 10

Enhance Your ModSecurity with Session-Based Security Monitoring

Dear ModSecurity Community, I'd like to share a project that complements ModSecurity by

unread,

Enhance Your ModSecurity with Session-Based Security Monitoring

Dear ModSecurity Community, I'd like to share a project that complements ModSecurity by

Mar 10

11/6/24

SecAction "id:10102,phase:1,drop,nolog,noauditlog" does logging

Dear All, I hope it's OK to post some questions in this group. If not be so kind and advise me

unread,

SecAction "id:10102,phase:1,drop,nolog,noauditlog" does logging

Dear All, I hope it's OK to post some questions in this group. If not be so kind and advise me

11/6/24

10/30/24

CRS versions 4.8.0 and 3.3.7 released

The OWASP CRS team is pleased to announce the release of two new CRS versions: v4.8.0 and v3.3.7. For

unread,

CRS versions 4.8.0 and 3.3.7 released

The OWASP CRS team is pleased to announce the release of two new CRS versions: v4.8.0 and v3.3.7. For

10/30/24

Rahul Thakkar, Christian Folini2

4/19/24

How to implement rate limit using Mod Security Rule

Hey Rahul, Getting this up and running is very hard with ModSecurity and it takes a lot of experience

unread,

How to implement rate limit using Mod Security Rule

Hey Rahul, Getting this up and running is very hard with ModSecurity and it takes a lot of experience

4/19/24

F, Ervin Hegedüs2

4/10/24

CRS and SSTI with Velocity

Hi Max, On Wed, Apr 10, 2024 at 08:33:23AM -0700, F wrote: > Hi > > We found a Server Side

unread,

CRS and SSTI with Velocity

Hi Max, On Wed, Apr 10, 2024 at 08:33:23AM -0700, F wrote: > Hi > > We found a Server Side

4/10/24

Blason R, … Jozef Sudolsky4

4/7/24

Can we remove these parts from logs?

Thanks folks let me try that out. On Sun, Apr 7, 2024, 12:26 Jozef Sudolsky <jo...@sudolsky.sk>

unread,

Can we remove these parts from logs?

Thanks folks let me try that out. On Sun, Apr 7, 2024, 12:26 Jozef Sudolsky <jo...@sudolsky.sk>

4/7/24

mahh m, … Christian Folini3

4/3/24

removed rules in CRS4

Hi there, We have stripped down CRS and moved non-essential functionality into plugins. The Anti-DoS

unread,

removed rules in CRS4

Hi there, We have stripped down CRS and moved non-essential functionality into plugins. The Anti-DoS

4/3/24

Sudharshan K S, … Andrew Howe8

3/16/24

Including CRS inside Location/If directive doesn't work

Hi Sudharshan, > Observation: The inclusion of crs-setup.conf and the other rules doesn't work

unread,

Including CRS inside Location/If directive doesn't work

Hi Sudharshan, > Observation: The inclusion of crs-setup.conf and the other rules doesn't work

3/16/24

Jozef Sudolsky, … Jean-Charles OLLAT6

3/8/24

Re: [jcollat@gmail.com: [modsecurity-core-rule-set-project] Welcome & GeoIP]

Setting tx.geoip-plugin_country_code is used only when tx.geoip-plugin_custom_lookup is set to 1 and

unread,

Re: [jcollat@gmail.com: [modsecurity-core-rule-set-project] Welcome & GeoIP]

Setting tx.geoip-plugin_country_code is used only when tx.geoip-plugin_custom_lookup is set to 1 and

3/8/24

Jean-Charles OLLAT

3/4/24

Welcome & GeoIP

Hello everyone, I wanted to extend a warm thank you for welcoming me to this discussion group.

unread,

Welcome & GeoIP

Hello everyone, I wanted to extend a warm thank you for welcoming me to this discussion group.

3/4/24

Christian Folini

2/15/24

CRS version 4.0.0 is out

Let CRS 4 be your valentine! The OWASP CRS team is proud to announce the release of CRS 4.0. * https:

unread,

CRS version 4.0.0 is out

Let CRS 4 be your valentine! The OWASP CRS team is proud to announce the release of CRS 4.0. * https:

2/15/24

mahh m, Franziska Buehler2

1/21/24

Custom charsets in the rules 920600 and 922110

Hi! Thanks for asking and sorry for your inconvenience. Unfortunately, I can't see from your

unread,

Custom charsets in the rules 920600 and 922110

Hi! Thanks for asking and sorry for your inconvenience. Unfortunately, I can't see from your

1/21/24

Théo B., Ervin Hegedüs2

1/20/24

Hi Théo, perhaps this can help you: https://github.com/coreruleset/modsecurity-crs-docker/blob/

unread,

Hi Théo, perhaps this can help you: https://github.com/coreruleset/modsecurity-crs-docker/blob/

1/20/24

1/12/24

Future of ModSecurity

Hi all, (sorry if someone received crosspost) Perhaps most users read the news: Trustwave transfers

unread,

Future of ModSecurity

Hi all, (sorry if someone received crosspost) Perhaps most users read the news: Trustwave transfers

1/12/24

Andrew Howe, … Christian Folini4

1/2/24

CRS version 4.0.0 release candidate 2 available

Hello Emiliom Nobody has been picking this up, so let's give it a shot. On Fri, Dec 29, 2023 at

unread,

CRS version 4.0.0 release candidate 2 available

Hello Emiliom Nobody has been picking this up, so let's give it a shot. On Fri, Dec 29, 2023 at

1/2/24

Jakub Kuchar, … Christian Folini8

9/8/23

Hello Andrew thanks for sharing information, and yes this is staging machine, if there is usage 75%

unread,

Hello Andrew thanks for sharing information, and yes this is staging machine, if there is usage 75%

9/8/23

saratoga, Christian Folini4

8/7/23

Setting tx.paranoia_level too late?

Hello, On Mon, Aug 07, 2023 at 12:55:42PM +0200, s wrote: > > Could it be your integrator does

unread,

Setting tx.paranoia_level too late?

Hello, On Mon, Aug 07, 2023 at 12:55:42PM +0200, s wrote: > > Could it be your integrator does

8/7/23

7/24/23

CRS version 3.3.5 released

The OWASP ModSecurity Core Rule Set (CRS) team is pleased to announce the release of CRS v3.3.5. For

unread,

CRS version 3.3.5 released

The OWASP ModSecurity Core Rule Set (CRS) team is pleased to announce the release of CRS v3.3.5. For

7/24/23

jarofi, Christian Folini2

6/21/23

Using a regular expression in a ruleRemoveTargetById command

Hey Jarda, It's most unfortunate, but the ruleRemoveTargetById does not allow for regular

unread,

Using a regular expression in a ruleRemoveTargetById command

Hey Jarda, It's most unfortunate, but the ruleRemoveTargetById does not allow for regular

6/21/23

冰封飞飞, Andrew Howe2

6/7/23

Has ModSecurity 3 achieved full compatibility with CRS now?

Hello, ModSecurity Core Rule Set Developer on Duty here. ModSecurity v2 remains the reference

unread,

Has ModSecurity 3 achieved full compatibility with CRS now?

Hello, ModSecurity Core Rule Set Developer on Duty here. ModSecurity v2 remains the reference

6/7/23

Systems Admin, Franziska Buehler4

4/27/23

Configuration variables overwriting

Glad to hear that it works! No need to say sorry. I'm happy to help! Everyone was a newbie at

unread,

Configuration variables overwriting

Glad to hear that it works! No need to say sorry. I'm happy to help! Everyone was a newbie at

4/27/23

Blason R, Ervin Hegedüs2

4/24/23

Custom Modsec rule is not working

Hi Blason R, On Fri, Apr 21, 2023 at 11:16:35PM +0530, Blason R wrote: [...] > Am I doing anything

unread,

Custom Modsec rule is not working

Hi Blason R, On Fri, Apr 21, 2023 at 11:16:35PM +0530, Blason R wrote: [...] > Am I doing anything

4/24/23

Blason R, Ervin Hegedüs7

4/17/23

Protection Against Slowloris and HTTP POST DoS Attack

Hi, On Mon, Apr 17, 2023 at 06:09:56AM +0530, Blason R wrote: > Fail2ban - Hmm that's

unread,

Protection Against Slowloris and HTTP POST DoS Attack

Hi, On Mon, Apr 17, 2023 at 06:09:56AM +0530, Blason R wrote: > Fail2ban - Hmm that's

4/17/23

Emilio Campos, Christian Folini5

2/22/23

OWASP CRS v4.0 dev

Thanks. We're still working on those. Christian On Wed, Feb 22, 2023 at 01:29:08PM +0100, Emilio

unread,

OWASP CRS v4.0 dev

Thanks. We're still working on those. Christian On Wed, Feb 22, 2023 at 01:29:08PM +0100, Emilio

2/22/23

Jakub Kuchar, Christian Folini6

2/9/23

Newbie question how to deal with WYSIWYG editors

Hey Jakub, Thanks for the update. Yes, any WYSIWYG editor transmitting HTML will run into a ton of

unread,

Newbie question how to deal with WYSIWYG editors

Hey Jakub, Thanks for the update. Yes, any WYSIWYG editor transmitting HTML will run into a ton of

2/9/23

Blason R, Andrew Howe3

1/5/23

Can I implement CRS like this? Please suggest on my topology

Thank for your valuable suggestion. And yes the HA matters the most but I was thinking from cloud

unread,

Can I implement CRS like this? Please suggest on my topology

Thank for your valuable suggestion. And yes the HA matters the most but I was thinking from cloud

1/5/23

stevek, Christian Folini2

1/4/23

Blocking POST requests with payload

Hey Steve, On Tue, Jan 03, 2023 at 12:41:00PM -0500, stevek wrote: > Is it possible to block this

unread,

Blocking POST requests with payload

Hey Steve, On Tue, Jan 03, 2023 at 12:41:00PM -0500, stevek wrote: > Is it possible to block this

1/4/23

Blason R, Andrew Howe9

1/3/23

Am I missing anything here?

Well - Thanks again. This will not work with my setup since I am serving around 15 portals on my

unread,

Am I missing anything here?

Well - Thanks again. This will not work with my setup since I am serving around 15 portals on my

1/3/23