Announcements
- Sunday, 20th January, 2019
- 08:58am
OWASP ModSecurity CRS
The OWASP (Open Web Application Security Project) ModSecurity™ CRS (Core Rule Set) is a set of rules that Apache's ModSecurity™ module can use to help protect your server. While these rules do not make your server impervious to attacks, they greatly increase the amount of protection for your web applications.
About OWASP
Why should I use the OWASP ModSecurity rule set?
- Protection from insecure web application design — ModSecurity rule sets can provide a layer of protection for web applications such as WordPress, phpBB, or other types of web applications. They can potentially protect against vulnerabilities in unpatched, out-of-date applications. If the developer of an application makes a security mistake, ModSecurity may block an attack before it can reach the vulnerable application.
- Protection against operating system level attack — ModSecurity rule sets can protect against attacks that exploit the operating system of your server. For example, in 2014, there was a security flaw in the Bash shell program that Linux servers use. Security experts created ModSecurity rules to disallow the use of the exploit through Apache. Server administrators used these ModSecurity rules to add additional security to their systems until the release of a security patch for the Bash shell.
- Protection against generalized malicious traffic — Some of the security threats that server administrators face may not directly attack a program or application on your server. DoS (Denial of Service) attacks, for example, are common attacks. You can reduce the impact of such malicious traffic through the use of ModSecurity rules.
The Core Rule Set provides protection against many common attack categories, including:
- SQL Injection (SQLi)
- Cross Site Scripting (XSS)
- Local File Inclusion (LFI)
- Remote File Inclusion (RFI)
- Remote Code Execution (RCE)
- PHP Code Injection
- HTTP Protocol Violations
- HTTPoxy
- Shellshock
- Session Fixation
- Scanner Detection
- Metadata/Error Leakages
- Project Honey Pot Blacklist
- GeoIP Country Blocking
The Core Rule Set is free software, distributed under Apache Software License version 2.
New Features in CRS 3
CRS 3 includes many coverage improvements, plus the following new features:
- Over 90% reduction of false alerts in a default install
- A user-defined Paranoia Level to enable additional strict checks
- Application-specific exclusions for WordPress Core and Drupal
- Sampling mode runs the CRS on a user-defined percentage of traffic
- SQLi/XSS parsing using libinjection embedded in ModSecurity
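How three of the features listed above (Paranoia Level, application-specific exclusions, sampling mode) are typically set in `crs-setup.conf`, shown here as an added example that is not part of the original announcement. The variable names follow the `crs-setup.conf.example` file shipped with CRS 3; the chosen values (paranoia level 2, 50% sampling, WordPress exclusions on) are illustrative assumptions.

```apache
# crs-setup.conf fragment, loaded before the CRS rule files.

# Paranoia Level: 1 is the CRS default. Higher levels enable stricter
# rules and usually need more false-positive tuning.
# The value 2 is an illustrative choice.
SecAction \
  "id:900000,\
  phase:1,\
  nolog,\
  pass,\
  t:none,\
  setvar:tx.paranoia_level=2"

# Application-specific exclusions: turn on only the package that is
# actually hosted (WordPress is assumed here; Drupal uses
# tx.crs_exclusions_drupal).
SecAction \
  "id:900130,\
  phase:1,\
  nolog,\
  pass,\
  t:none,\
  setvar:tx.crs_exclusions_wordpress=1"

# Sampling mode: run the CRS on this percentage of requests.
# Requests outside the sample bypass the rule set entirely, so a value
# below 100 is a rollout aid, not a steady-state setting.
# The value 50 is an illustrative choice.
SecAction \
  "id:900400,\
  phase:1,\
  pass,\
  nolog,\
  setvar:tx.sampling_percentage=50"
```

Once the alerts from the sampled traffic have been reviewed and tuned, raise `tx.sampling_percentage` back to 100 so every request is inspected.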
Additional Features
Faster Scanning with SpamAssassin
Apache SpamAssassin's performance is improving, including up to 60% faster message scanning, making email delivery even better.
HostSectors | Support Team