Groups
Conversations
All groups and messages
Report Google Groups Bug
Help
Account
Search
Maps
YouTube
Play
News
Gmail
Meet
Contacts
Drive
Calendar
Translate
Photos
Duo
Chrome
Shopping
Finance
Docs
Sheets
Slides
Books
Blogger
Hangouts
Keep
Jamboard
Earth
Collections
Arts and Culture
Google Ads
Podcasts
Stadia
More from Google
Sign in
Groups
ModSecurity Core Rule Set project
Conversations
About
ModSecurity Core Rule Set project
1–30 of 31
Welcome to the OWASP Core Rule Set (CRS) project mailing list. Feel free to ask support and general questions about the projects or associated issues and we will do our best to support you.
- CRS Project Leads
Mark all as read
Report abusive group
0 selected
Andrew Howe
,
Christian Folini
2
11/16/20
Memory issue with specific CRS rules (variable expansion in compiled operators)
Hey Andrew, I think you never got a response for this. Personally, I was not aware of this problem.
unread,
Memory issue with specific CRS rules (variable expansion in compiled operators)
Hey Andrew, I think you never got a response for this. Personally, I was not aware of this problem.
11/16/20
oma...@gmail.com
10/27/20
exclusion for attack-lfi
Hello, there are many occurrences of single double dot '/../' in sites I try to protect by
unread,
exclusion for attack-lfi
Hello, there are many occurrences of single double dot '/../' in sites I try to protect by
10/27/20
rsomme...@cloudflare.com
, …
Christian Folini
3
10/15/20
Allow HTTP/3 by default in 901163/920430
On Tue, Oct 13, 2020 at 04:52:46AM -0700, 'Barry Pollard' via ModSecurity Core Rule Set
unread,
Allow HTTP/3 by default in 901163/920430
On Tue, Oct 13, 2020 at 04:52:46AM -0700, 'Barry Pollard' via ModSecurity Core Rule Set
10/15/20
Christian Folini
9/14/20
CVE-2020-15598 – ModSecurity v3 Affected By DoS (Severity HIGH)
Dear all, ModSecurity v3.0.x is affected by a Denial of Service vulnerability due to the global
unread,
CVE-2020-15598 – ModSecurity v3 Affected By DoS (Severity HIGH)
Dear all, ModSecurity v3.0.x is affected by a Denial of Service vulnerability due to the global
9/14/20
Mike Melo
,
Ervin Hegedüs
7
8/13/20
tried ftwrunner, most tests failing
ok thanks for that, will check out the skipped test details... On Thursday, August 13, 2020 at 5:14:
unread,
tried ftwrunner, most tests failing
ok thanks for that, will check out the skipped test details... On Thursday, August 13, 2020 at 5:14:
8/13/20
Mike Melo
, …
Christian Folini
4
8/11/20
CRS regression tests
On Tue, Aug 11, 2020 at 02:22:06PM -0700, Mike Melo wrote: > Thank you!!!! > > this
unread,
CRS regression tests
On Tue, Aug 11, 2020 at 02:22:06PM -0700, Mike Melo wrote: > Thank you!!!! > > this
8/11/20
johan fillon
,
Ruben van Vreeland
3
7/29/20
How to log in Anomaly Scoring mode + change the default http status 403 ??
Hello Ruben, thanks for your answer. Having a nolog in my configuration on the lines SecAction "
unread,
How to log in Anomaly Scoring mode + change the default http status 403 ??
Hello Ruben, thanks for your answer. Having a nolog in my configuration on the lines SecAction "
7/29/20
Walter Hop
7/1/20
Core Rule Set v3.3.0 available
The OWASP ModSecurity Core Rule Set team is proud to announce the final release for CRS v3.3.0. For
unread,
Core Rule Set v3.3.0 available
The OWASP ModSecurity Core Rule Set team is proud to announce the final release for CRS v3.3.0. For
7/1/20
Alex Hautequest
,
Christian Folini
2
6/30/20
CRS for limiting path names length/count
Hey Alex, There is no prepared rule for this. So you may want to write one yourself. SecRule
unread,
CRS for limiting path names length/count
Hey Alex, There is no prepared rule for this. So you may want to write one yourself. SecRule
6/30/20
Walter Hop
6/18/20
OWASP ModSecurity Core Rule Set v3.3.0 Release Candidate 2 available
The OWASP ModSecurity Core Rule Set team is proud to announce the release candidate 2 for the
unread,
OWASP ModSecurity Core Rule Set v3.3.0 Release Candidate 2 available
The OWASP ModSecurity Core Rule Set team is proud to announce the release candidate 2 for the
6/18/20
Ervin Hegedüs
6/10/20
Re: [mod-security-users] CentOS 8 Build moving modules to new server
hi Joe, On Wed, Jun 10, 2020 at 03:15:46PM +0000, Madden, Joe via mod-security-users wrote: > Hi
unread,
Re: [mod-security-users] CentOS 8 Build moving modules to new server
hi Joe, On Wed, Jun 10, 2020 at 03:15:46PM +0000, Madden, Joe via mod-security-users wrote: > Hi
6/10/20
Henry
5/27/20
SecGeoLookupDB & file format
Greetings, I would like to use the GeoIP feature of CRS to block by country-IP, however the crs-setup
unread,
SecGeoLookupDB & file format
Greetings, I would like to use the GeoIP feature of CRS to block by country-IP, however the crs-setup
5/27/20
Walter Hop
5/27/20
OWASP ModSecurity Core Rule Set v3.3.0 Release Candidate 1 available
The OWASP ModSecurity Core Rule Set team is proud to announce the release candidate 1 for the
unread,
OWASP ModSecurity Core Rule Set v3.3.0 Release Candidate 1 available
The OWASP ModSecurity Core Rule Set team is proud to announce the release candidate 1 for the
5/27/20
john smith
, …
Christian Folini
7
5/23/20
Looking for a way to measure response time
Hi, Sorry to pop this back up but i couldn't find a way nor did i get a response on my last
unread,
Looking for a way to measure response time
Hi, Sorry to pop this back up but i couldn't find a way nor did i get a response on my last
5/23/20
Christian Folini
5/13/20
Core Rule Set github repository moved to new location
Dear all, The OWASP ModSecurity Core Rule Set project has moved house. The project repository is no
unread,
Core Rule Set github repository moved to new location
Dear all, The OWASP ModSecurity Core Rule Set project has moved house. The project repository is no
5/13/20
Mike Melo
,
Christian Folini
3
4/17/20
add a response header in MS3 to transfer timing information
thanks Christian, will keep you posted. On Friday, April 17, 2020 at 6:49:07 AM UTC-4, Christian
unread,
add a response header in MS3 to transfer timing information
thanks Christian, will keep you posted. On Friday, April 17, 2020 at 6:49:07 AM UTC-4, Christian
4/17/20
Stephan Fourie
,
Christian Folini
2
4/13/20
Exclusion Rules for dynamic ARGS
Hello Stephan, You are in a bad situation, but you are not the first one stuck with this lack of
unread,
Exclusion Rules for dynamic ARGS
Hello Stephan, You are in a bad situation, but you are not the first one stuck with this lack of
4/13/20
john smith
,
Christian Folini
3
3/11/20
CRS Rules and Apache responses
On Tue, Mar 10, 2020 at 04:55:15PM -0700, john smith wrote: > Well since i got not replies i
unread,
CRS Rules and Apache responses
On Tue, Mar 10, 2020 at 04:55:15PM -0700, john smith wrote: > Well since i got not replies i
3/11/20
Paul Beckett
,
Christian Folini
2
11/28/19
Best CRS branch for production
Hello Paul, CRS 3.2.0 is the latest stable release. https://modsecurity.org/crs is not under the
unread,
Best CRS branch for production
Hello Paul, CRS 3.2.0 is the latest stable release. https://modsecurity.org/crs is not under the
11/28/19
Christian Folini
,
Paul Beckett
2
11/28/19
Infos for the participants of the CRS Community Summit, September 25, Amsterdam
Were slides or recording from the CRS Community Sumit posted anywhere? Thanks, Paul
unread,
Infos for the participants of the CRS Community Summit, September 25, Amsterdam
Were slides or recording from the CRS Community Sumit posted anywhere? Thanks, Paul
11/28/19
Stephan Fourie
,
Christian Folini
3
10/28/19
Prestashop Exclusion Rules
Hi Christian, Thanks for the reply! Yes, paranoia level 1. I'll report the false positive hits
unread,
Prestashop Exclusion Rules
Hi Christian, Thanks for the reply! Yes, paranoia level 1. I'll report the false positive hits
10/28/19
Ervin Hegedüs
9/26/19
Announcement: msc_pyparser
Hi all, (sorry for the cross posting) let me announce the msc_pyparser tool, a ModSecurity ruleset
unread,
Announcement: msc_pyparser
Hi all, (sorry for the cross posting) let me announce the msc_pyparser tool, a ModSecurity ruleset
9/26/19
Walter Hop
9/24/19
Announcement: OWASP ModSecurity Core Rule Set Version 3.2.0
Dear all, The OWASP ModSecurity Core Rule Set team is proud to announce the general availability of
unread,
Announcement: OWASP ModSecurity Core Rule Set Version 3.2.0
Dear all, The OWASP ModSecurity Core Rule Set team is proud to announce the general availability of
9/24/19
Walter Hop
9/19/19
OWASP ModSecurity Core Rule Set v3.2.0-RC3
Dear all, The OWASP ModSecurity Core Rule Set team is proud to announce the general availability of
unread,
OWASP ModSecurity Core Rule Set v3.2.0-RC3
Dear all, The OWASP ModSecurity Core Rule Set team is proud to announce the general availability of
9/19/19
Walter Hop
9/3/19
OWASP ModSecurity Core Rule Set v3.2.0-RC2
Dear all, The OWASP ModSecurity Core Rule Set team is proud to announce the general availability of
unread,
OWASP ModSecurity Core Rule Set v3.2.0-RC2
Dear all, The OWASP ModSecurity Core Rule Set team is proud to announce the general availability of
9/3/19
Christian Folini
6/27/19
OWASP ModSecurity Core Rule Set 3.1.1 released
The OWASP ModSecurity Core Rule Set team is pleased to announce the CRS release v3.1.1. This is a
unread,
OWASP ModSecurity Core Rule Set 3.1.1 released
The OWASP ModSecurity Core Rule Set team is pleased to announce the CRS release v3.1.1. This is a
6/27/19
Stephan Fourie
,
Christian Folini
2
5/22/19
Access blocked using anomaly scoring with a high threshold
Hi Stefan, Are you sure, it is CRS blocking this? The single alert you posted below bring you to a
unread,
Access blocked using anomaly scoring with a high threshold
Hi Stefan, Are you sure, it is CRS blocking this? The single alert you posted below bring you to a
5/22/19
Christian Folini
5/2/19
CRS News for May 2019 published
Hello, The OWASP ModSecurity Core Rule Set project news for May 2019 are out https://coreruleset.org/
unread,
CRS News for May 2019 published
Hello, The OWASP ModSecurity Core Rule Set project news for May 2019 are out https://coreruleset.org/
5/2/19
Jerald Cheong
,
Ervin Hegedüs
3
4/22/19
Compiling with AFL Fuzzer
Oops!! Thanks Ervin for pointing this out. I should just post this in the right mailing list then. I
unread,
Compiling with AFL Fuzzer
Oops!! Thanks Ervin for pointing this out. I should just post this in the right mailing list then. I
4/22/19
Walter Hop
4/6/19
Proposed removal of debug mode (RESPONSE-981-DEBUG.conf)
Hi all, CRS developers are constantly working to clean up the CRS codebase. One pull request from
unread,
Proposed removal of debug mode (RESPONSE-981-DEBUG.conf)
Hi all, CRS developers are constantly working to clean up the CRS codebase. One pull request from
4/6/19