ModSecurity Core Rule Set project

1–30 of 49

Welcome to the OWASP Core Rule Set (CRS) project mailing list. Feel free to ask support and general questions about the projects or associated issues and we will do our best to support you.

- CRS Project Leads

0 selected

Apr 28

Core Rule Set v4.0.0 Release Candidate 1 available

The OWASP ModSecurity Core Rule Set team is proud to announce the Release Candidate 1 for the

unread,

Core Rule Set v4.0.0 Release Candidate 1 available

The OWASP ModSecurity Core Rule Set team is proud to announce the Release Candidate 1 for the

Apr 28

成会明, Ervin Hegedüs3

Feb 22

coreruleset test not works as expected.

Hi, can you show your "modsec3-nginx" file content? Regards, a. On Tue, Feb 22, 2022 at 8:

unread,

coreruleset test not works as expected.

Hi, can you show your "modsec3-nginx" file content? Regards, a. On Tue, Feb 22, 2022 at 8:

Feb 22

Phan Thanh Bình, Andrew Howe4

Jan 14

Quote in file name violates SecRule FILES_NAMES|FILES

Hi, > I remember I already tried with latest, still same as there is no diff actually. To be clear

unread,

Quote in file name violates SecRule FILES_NAMES|FILES

Hi, > I remember I already tried with latest, still same as there is no diff actually. To be clear

Jan 14

Phan Thanh Bình, Ervin Hegedüs13

Jan 12

Why MULTIPART_STRICT_ERROR does not include REQBODY_PROCESSOR_ERROR as specification?

Hi, On Wed, Jan 12, 2022 at 03:41:41AM -0800, Phan Thanh Bình wrote: > Regarding the 'Content-

unread,

Why MULTIPART_STRICT_ERROR does not include REQBODY_PROCESSOR_ERROR as specification?

Hi, On Wed, Jan 12, 2022 at 03:41:41AM -0800, Phan Thanh Bình wrote: > Regarding the 'Content-

Jan 12

Phan Thanh Bình, … Ervin Hegedüs14

Jan 11

How to check the installed version of modsecurity?

Did you get the error message from your rule 200007? -> Yes I also thought to start new thread but

unread,

How to check the installed version of modsecurity?

Did you get the error message from your rule 200007? -> Yes I also thought to start new thread but

Jan 11

Matthias Apitz, Christian Folini4

Jan 10

CVE-2016-1182, CVE-2016-1181, CVE-2015-0899, CVE-2014-0114

Hey Matthias, We share the same problem very often. Sometimes they come with the advisory as an

unread,

CVE-2016-1182, CVE-2016-1181, CVE-2015-0899, CVE-2014-0114

Hey Matthias, We share the same problem very often. Sometimes they come with the advisory as an

Jan 10

Christian Folini

12/22/21

Talking about CRS, Modsecurity and the new Coraza WAF

Dear all, CRS has published a blog post about ModSecurity. In this article we lay down our position

unread,

Talking about CRS, Modsecurity and the new Coraza WAF

Dear all, CRS has published a blog post about ModSecurity. In this article we lay down our position

12/22/21

Max Mustermann, … Ervin Hegedüs3

12/19/21

cronupdate OWAS Core Rule Set (CRS)

Hi Mike, On Sun, Dec 19, 2021 at 07:52:48AM -0800, 'Max Mustermann' via ModSecurity Core Rule

unread,

cronupdate OWAS Core Rule Set (CRS)

Hi Mike, On Sun, Dec 19, 2021 at 07:52:48AM -0800, 'Max Mustermann' via ModSecurity Core Rule

12/19/21

Elia Pinto, … Christian Folini3

12/18/21

Hey Elia, Adding to this, let me suggest the following: If a certain attack is only detected at a

unread,

Hey Elia, Adding to this, let me suggest the following: If a certain attack is only detected at a

12/18/21

Steve Hanselman, Ervin Hegedüs3

12/15/21

How do people handle false positives on (e.g.) bootstrap css files?

Perfect, many thanks for the guidance, I'll pop that in. Specifically it's part of the

unread,

How do people handle false positives on (e.g.) bootstrap css files?

Perfect, many thanks for the guidance, I'll pop that in. Specifically it's part of the

12/15/21

Kirk Jackson, Manuel Spartan2

11/3/21

SecAuditLog in a containerised kubernetes environment

Hi Kirk, there are several options the Kubernetes documentation has a section about logging

unread,

SecAuditLog in a containerised kubernetes environment

Hi Kirk, there are several options the Kubernetes documentation has a section about logging

11/3/21

Florian Ockhuysen, … Christian Folini11

8/30/21

How to make Anomaly scores to be shown in Nginx error log?

Thank you very much. Christian On Sat, Aug 28, 2021 at 03:06:44PM -0700, Florian Ockhuysen wrote:

unread,

How to make Anomaly scores to be shown in Nginx error log?

Thank you very much. Christian On Sat, Aug 28, 2021 at 03:06:44PM -0700, Florian Ockhuysen wrote:

8/30/21

Shakil Ahamed, Christian Folini5

8/9/21

I cannot find modsecurity in my /usr/local/ directory

I have solved the issue by reinstalling ModSecurity 3 Regards On Monday, August 9, 2021 at 2:48:30 PM

unread,

I cannot find modsecurity in my /usr/local/ directory

I have solved the issue by reinstalling ModSecurity 3 Regards On Monday, August 9, 2021 at 2:48:30 PM

8/9/21

Kamrul Hasan, Christian Folini2

7/28/21

Which rules to enable from the available 15138 ModSecurity Commercial rules for a Banking App

Hey Kamrul, On Mon, Jul 26, 2021 at 09:31:58PM -0700, Kamrul Hasan wrote: > We have purchased a

unread,

Which rules to enable from the available 15138 ModSecurity Commercial rules for a Banking App

Hey Kamrul, On Mon, Jul 26, 2021 at 09:31:58PM -0700, Kamrul Hasan wrote: > We have purchased a

7/28/21

Christian Folini

6/28/21

Upcoming OWASP ModSecurity Core Rule Set Security Releases

Dear all, A security problem with the OWASP ModSecurity Core Rule Set has been brought to our

unread,

Upcoming OWASP ModSecurity Core Rule Set Security Releases

Dear all, A security problem with the OWASP ModSecurity Core Rule Set has been brought to our

6/28/21

Andrew Howe, Christian Folini4

4/13/21

Why is SecDefaultAction defined twice by default?

On Tue, Apr 13, 2021 at 11:38:45AM +0100, Andrew Howe wrote: > Hi Christian, > > A-hah, that

unread,

Why is SecDefaultAction defined twice by default?

On Tue, Apr 13, 2021 at 11:38:45AM +0100, Andrew Howe wrote: > Hi Christian, > > A-hah, that

4/13/21

Blason R, Christian Folini5

3/22/21

Does CRS support protection from HTTP Request Smuggling attacks?

Awesome and thank you Sire :) On Mon, Mar 22, 2021 at 2:51 PM Christian Folini <christian.folini@

unread,

Does CRS support protection from HTTP Request Smuggling attacks?

Awesome and thank you Sire :) On Mon, Mar 22, 2021 at 2:51 PM Christian Folini <christian.folini@

3/22/21

Larry David, Ervin Hegedüs3

3/9/21

913100 Detecting but not Blocking

Yes of course - SecDefaultAction. I had all SecDefaultAction lines # out such as #SecDefaultAction

unread,

913100 Detecting but not Blocking

Yes of course - SecDefaultAction. I had all SecDefaultAction lines # out such as #SecDefaultAction

3/9/21

Andrew Howe, Christian Folini2

11/16/20

Memory issue with specific CRS rules (variable expansion in compiled operators)

Hey Andrew, I think you never got a response for this. Personally, I was not aware of this problem.

unread,

Memory issue with specific CRS rules (variable expansion in compiled operators)

Hey Andrew, I think you never got a response for this. Personally, I was not aware of this problem.

11/16/20

oma...@gmail.com

10/27/20

exclusion for attack-lfi

Hello, there are many occurrences of single double dot '/../' in sites I try to protect by

unread,

exclusion for attack-lfi

Hello, there are many occurrences of single double dot '/../' in sites I try to protect by

10/27/20

rsomme...@cloudflare.com, … Christian Folini3

10/15/20

Allow HTTP/3 by default in 901163/920430

On Tue, Oct 13, 2020 at 04:52:46AM -0700, 'Barry Pollard' via ModSecurity Core Rule Set

unread,

Allow HTTP/3 by default in 901163/920430

On Tue, Oct 13, 2020 at 04:52:46AM -0700, 'Barry Pollard' via ModSecurity Core Rule Set

10/15/20

Christian Folini

9/14/20

CVE-2020-15598 – ModSecurity v3 Affected By DoS (Severity HIGH)

Dear all, ModSecurity v3.0.x is affected by a Denial of Service vulnerability due to the global

unread,

CVE-2020-15598 – ModSecurity v3 Affected By DoS (Severity HIGH)

Dear all, ModSecurity v3.0.x is affected by a Denial of Service vulnerability due to the global

9/14/20

Mike Melo, Ervin Hegedüs7

8/13/20

tried ftwrunner, most tests failing

ok thanks for that, will check out the skipped test details... On Thursday, August 13, 2020 at 5:14:

unread,

tried ftwrunner, most tests failing

ok thanks for that, will check out the skipped test details... On Thursday, August 13, 2020 at 5:14:

8/13/20

Mike Melo, … Christian Folini4

8/11/20

CRS regression tests

On Tue, Aug 11, 2020 at 02:22:06PM -0700, Mike Melo wrote: > Thank you!!!! > > this

unread,

CRS regression tests

On Tue, Aug 11, 2020 at 02:22:06PM -0700, Mike Melo wrote: > Thank you!!!! > > this

8/11/20

johan fillon, Ruben van Vreeland3

7/29/20

How to log in Anomaly Scoring mode + change the default http status 403 ??

Hello Ruben, thanks for your answer. Having a nolog in my configuration on the lines SecAction "

unread,

How to log in Anomaly Scoring mode + change the default http status 403 ??

Hello Ruben, thanks for your answer. Having a nolog in my configuration on the lines SecAction "

7/29/20

7/1/20

Core Rule Set v3.3.0 available

The OWASP ModSecurity Core Rule Set team is proud to announce the final release for CRS v3.3.0. For

unread,

Core Rule Set v3.3.0 available

The OWASP ModSecurity Core Rule Set team is proud to announce the final release for CRS v3.3.0. For

7/1/20

Alex Hautequest, Christian Folini2

6/30/20

CRS for limiting path names length/count

Hey Alex, There is no prepared rule for this. So you may want to write one yourself. SecRule

unread,

CRS for limiting path names length/count

Hey Alex, There is no prepared rule for this. So you may want to write one yourself. SecRule

6/30/20

6/18/20

OWASP ModSecurity Core Rule Set v3.3.0 Release Candidate 2 available

The OWASP ModSecurity Core Rule Set team is proud to announce the release candidate 2 for the

unread,

OWASP ModSecurity Core Rule Set v3.3.0 Release Candidate 2 available

The OWASP ModSecurity Core Rule Set team is proud to announce the release candidate 2 for the

6/18/20

6/10/20

Re: [mod-security-users] CentOS 8 Build moving modules to new server

hi Joe, On Wed, Jun 10, 2020 at 03:15:46PM +0000, Madden, Joe via mod-security-users wrote: > Hi

unread,

Re: [mod-security-users] CentOS 8 Build moving modules to new server

hi Joe, On Wed, Jun 10, 2020 at 03:15:46PM +0000, Madden, Joe via mod-security-users wrote: > Hi

6/10/20

5/27/20

SecGeoLookupDB & file format

Greetings, I would like to use the GeoIP feature of CRS to block by country-IP, however the crs-setup

unread,

SecGeoLookupDB & file format

Greetings, I would like to use the GeoIP feature of CRS to block by country-IP, however the crs-setup

5/27/20

Search

Clear search

Close search

Google apps

Main menu