ModSecurity Core Rule Set project

1–30 of 64

Welcome to the OWASP Core Rule Set (CRS) project mailing list. Feel free to ask support and general questions about the projects or associated issues and we will do our best to support you.

- CRS Project Leads

0 selected

Jakub Kuchar, Christian Folini2

8:04 AM

Newbie question how to deal with WYSIWYG editors

Hey Jakub, On Wed, Feb 01, 2023 at 01:13:36AM -0800, Jakub Kuchar wrote: > running on OWASP

unread,

Newbie question how to deal with WYSIWYG editors

Hey Jakub, On Wed, Feb 01, 2023 at 01:13:36AM -0800, Jakub Kuchar wrote: > running on OWASP

8:04 AM

Blason R, Andrew Howe3

Jan 4

Can I implement CRS like this? Please suggest on my topology

Thank for your valuable suggestion. And yes the HA matters the most but I was thinking from cloud

unread,

Can I implement CRS like this? Please suggest on my topology

Thank for your valuable suggestion. And yes the HA matters the most but I was thinking from cloud

Jan 4

stevek, Christian Folini2

Jan 4

Blocking POST requests with payload

Hey Steve, On Tue, Jan 03, 2023 at 12:41:00PM -0500, stevek wrote: > Is it possible to block this

unread,

Blocking POST requests with payload

Hey Steve, On Tue, Jan 03, 2023 at 12:41:00PM -0500, stevek wrote: > Is it possible to block this

Jan 4

Blason R, Andrew Howe9

Jan 3

Am I missing anything here?

Well - Thanks again. This will not work with my setup since I am serving around 15 portals on my

unread,

Am I missing anything here?

Well - Thanks again. This will not work with my setup since I am serving around 15 portals on my

Jan 3

Blason R, Christian Folini2

12/13/22

Has any one test this bypass against CRS

Hey, hey, Yes, we did check and continuing to discuss it in the #coreruleset channel on the OWASP

unread,

Has any one test this bypass against CRS

Hey, hey, Yes, we did check and continuing to discuss it in the #coreruleset channel on the OWASP

12/13/22

12/12/22

team82 WAF bypass abusing JSON...

Hi Just came across https://claroty.com/team82/research/js-on-security-off-abusing-json-based-sql-to-

unread,

team82 WAF bypass abusing JSON...

Hi Just came across https://claroty.com/team82/research/js-on-security-off-abusing-json-based-sql-to-

12/12/22

Blason R, … Achim3

11/15/22

Am 15.11.22 um 07:20 schrieb Blason R: > Hi Team, > > > This may sound of the forum but I

unread,

Am 15.11.22 um 07:20 schrieb Blason R: > Hi Team, > > > This may sound of the forum but I

11/15/22

Blason R, Walter Hop3

11/7/22

DOS Rules : TX:STATIC_EXTENSIONS

> I am trying to set DOS in Modsecurity CRS 3.3.2 and stumbled upon TX:STATIC_EXTENSIONS. How does

unread,

DOS Rules : TX:STATIC_EXTENSIONS

> I am trying to set DOS in Modsecurity CRS 3.3.2 and stumbled upon TX:STATIC_EXTENSIONS. How does

11/7/22

Blason R, Ervin Hegedüs5

11/6/22

How do I update the rules?

That sounds good and thanks for the clarification. On Sat, Nov 5, 2022 at 5:23 PM Ervin Hegedüs <

unread,

How do I update the rules?

That sounds good and thanks for the clarification. On Sat, Nov 5, 2022 at 5:23 PM Ervin Hegedüs <

11/6/22

Blason R, Andrew Howe3

11/3/22

Base64 encoding is not getting detected

Thank you for the clarification and appreciate it. On Wed, Nov 2, 2022, 16:51 Andrew Howe <

unread,

Base64 encoding is not getting detected

Thank you for the clarification and appreciate it. On Wed, Nov 2, 2022, 16:51 Andrew Howe <

11/3/22

Jay Kelner, Franziska Buehler2

10/27/22

modsecurity-crs performance benchmarks

Hi Jay, Thank you for your interesting question. I'm not aware of any performance testing we'

unread,

modsecurity-crs performance benchmarks

Hi Jay, Thank you for your interesting question. I'm not aware of any performance testing we'

10/27/22

AW, Ervin Hegedüs2

10/19/22

Rule 942100 - filter by libinjection fingerprints

Hi AW, On Wed, Oct 19, 2022 at 02:31:32AM -0700, AW wrote: > Hi, > > i am using mod_sec and

unread,

Rule 942100 - filter by libinjection fingerprints

Hi AW, On Wed, Oct 19, 2022 at 02:31:32AM -0700, AW wrote: > Hi, > > i am using mod_sec and

10/19/22

Blason R, Franziska Buehler3

8/7/22

Use only Malicious country Rule

Thanks for the reply team - On Sun, Aug 7, 2022, 18:38 Franziska Buehler <franziska.buehler@owasp.

unread,

Use only Malicious country Rule

Thanks for the reply team - On Sun, Aug 7, 2022, 18:38 Franziska Buehler <franziska.buehler@owasp.

8/7/22

边明凯, azurit2

6/13/22

Is there any way to identiy which pattern to trigger the owasp crs rule ?

Hi, you can find all information in the web server error logs - what web server are you running? Also

unread,

Is there any way to identiy which pattern to trigger the owasp crs rule ?

Hi, you can find all information in the web server error logs - what web server are you running? Also

6/13/22

林小柔, Felipe Zipitria2

5/29/22

Is the rule of CSRF contained in OWASP CRS 3.2.0 version?

The rule was present in early versions but since mostly all web frameworks have caught up and it

unread,

Is the rule of CSRF contained in OWASP CRS 3.2.0 version?

The rule was present in early versions but since mostly all web frameworks have caught up and it

5/29/22

4/28/22

Core Rule Set v4.0.0 Release Candidate 1 available

The OWASP ModSecurity Core Rule Set team is proud to announce the Release Candidate 1 for the

unread,

Core Rule Set v4.0.0 Release Candidate 1 available

The OWASP ModSecurity Core Rule Set team is proud to announce the Release Candidate 1 for the

4/28/22

成会明, Ervin Hegedüs3

2/22/22

coreruleset test not works as expected.

Hi, can you show your "modsec3-nginx" file content? Regards, a. On Tue, Feb 22, 2022 at 8:

unread,

coreruleset test not works as expected.

Hi, can you show your "modsec3-nginx" file content? Regards, a. On Tue, Feb 22, 2022 at 8:

2/22/22

Phan Thanh Bình, Andrew Howe4

1/14/22

Quote in file name violates SecRule FILES_NAMES|FILES

Hi, > I remember I already tried with latest, still same as there is no diff actually. To be clear

unread,

Quote in file name violates SecRule FILES_NAMES|FILES

Hi, > I remember I already tried with latest, still same as there is no diff actually. To be clear

1/14/22

Phan Thanh Bình, Ervin Hegedüs13

1/12/22

Why MULTIPART_STRICT_ERROR does not include REQBODY_PROCESSOR_ERROR as specification?

Hi, On Wed, Jan 12, 2022 at 03:41:41AM -0800, Phan Thanh Bình wrote: > Regarding the 'Content-

unread,

Why MULTIPART_STRICT_ERROR does not include REQBODY_PROCESSOR_ERROR as specification?

Hi, On Wed, Jan 12, 2022 at 03:41:41AM -0800, Phan Thanh Bình wrote: > Regarding the 'Content-

1/12/22

Phan Thanh Bình, … Ervin Hegedüs14

1/11/22

How to check the installed version of modsecurity?

Did you get the error message from your rule 200007? -> Yes I also thought to start new thread but

unread,

How to check the installed version of modsecurity?

Did you get the error message from your rule 200007? -> Yes I also thought to start new thread but

1/11/22

Matthias Apitz, Christian Folini4

1/10/22

CVE-2016-1182, CVE-2016-1181, CVE-2015-0899, CVE-2014-0114

Hey Matthias, We share the same problem very often. Sometimes they come with the advisory as an

unread,

CVE-2016-1182, CVE-2016-1181, CVE-2015-0899, CVE-2014-0114

Hey Matthias, We share the same problem very often. Sometimes they come with the advisory as an

1/10/22

Christian Folini

12/22/21

Talking about CRS, Modsecurity and the new Coraza WAF

Dear all, CRS has published a blog post about ModSecurity. In this article we lay down our position

unread,

Talking about CRS, Modsecurity and the new Coraza WAF

Dear all, CRS has published a blog post about ModSecurity. In this article we lay down our position

12/22/21

Max Mustermann, … Ervin Hegedüs3

12/19/21

cronupdate OWAS Core Rule Set (CRS)

Hi Mike, On Sun, Dec 19, 2021 at 07:52:48AM -0800, 'Max Mustermann' via ModSecurity Core Rule

unread,

cronupdate OWAS Core Rule Set (CRS)

Hi Mike, On Sun, Dec 19, 2021 at 07:52:48AM -0800, 'Max Mustermann' via ModSecurity Core Rule

12/19/21

Elia Pinto, … Christian Folini3

12/18/21

Hey Elia, Adding to this, let me suggest the following: If a certain attack is only detected at a

unread,

Hey Elia, Adding to this, let me suggest the following: If a certain attack is only detected at a

12/18/21

Steve Hanselman, Ervin Hegedüs3

12/15/21

How do people handle false positives on (e.g.) bootstrap css files?

Perfect, many thanks for the guidance, I'll pop that in. Specifically it's part of the

unread,

How do people handle false positives on (e.g.) bootstrap css files?

Perfect, many thanks for the guidance, I'll pop that in. Specifically it's part of the

12/15/21

Kirk Jackson, Manuel Spartan2

11/3/21

SecAuditLog in a containerised kubernetes environment

Hi Kirk, there are several options the Kubernetes documentation has a section about logging

unread,

SecAuditLog in a containerised kubernetes environment

Hi Kirk, there are several options the Kubernetes documentation has a section about logging

11/3/21

Florian Ockhuysen, … Christian Folini11

8/30/21

How to make Anomaly scores to be shown in Nginx error log?

Thank you very much. Christian On Sat, Aug 28, 2021 at 03:06:44PM -0700, Florian Ockhuysen wrote:

unread,

How to make Anomaly scores to be shown in Nginx error log?

Thank you very much. Christian On Sat, Aug 28, 2021 at 03:06:44PM -0700, Florian Ockhuysen wrote:

8/30/21

Shakil Ahamed, Christian Folini5

8/9/21

I cannot find modsecurity in my /usr/local/ directory

I have solved the issue by reinstalling ModSecurity 3 Regards On Monday, August 9, 2021 at 2:48:30 PM

unread,

I cannot find modsecurity in my /usr/local/ directory

I have solved the issue by reinstalling ModSecurity 3 Regards On Monday, August 9, 2021 at 2:48:30 PM

8/9/21

Kamrul Hasan, Christian Folini2

7/28/21

Which rules to enable from the available 15138 ModSecurity Commercial rules for a Banking App

Hey Kamrul, On Mon, Jul 26, 2021 at 09:31:58PM -0700, Kamrul Hasan wrote: > We have purchased a

unread,

Which rules to enable from the available 15138 ModSecurity Commercial rules for a Banking App

Hey Kamrul, On Mon, Jul 26, 2021 at 09:31:58PM -0700, Kamrul Hasan wrote: > We have purchased a

7/28/21

Christian Folini

6/28/21

Upcoming OWASP ModSecurity Core Rule Set Security Releases

Dear all, A security problem with the OWASP ModSecurity Core Rule Set has been brought to our

unread,

Upcoming OWASP ModSecurity Core Rule Set Security Releases

Dear all, A security problem with the OWASP ModSecurity Core Rule Set has been brought to our

6/28/21

Search

Clear search

Close search

Google apps

Main menu