├── .gitignore
├── 404.html
├── Gemfile
├── README.md
├── _config.yml
├── _data
│   ├── ow_attributions.json
│   ├── sponsors-gold.json
│   └── sponsors-silver.json
├── _includes
│   ├── sponsors-gold.md
│   └── sponsors-silver.md
├── _sass
│   └── _sponsors.scss
├── assets
│   └── images
│       ├── CRS-logo-full_size-512x257.png
│       ├── CRS3-movie-poster-thumb.jpeg
│       ├── OWASP 20th Anniversary.jpeg
│       ├── README.md
│       ├── logo.png
│       └── sponsors
│           ├── SwissPost.png
│           ├── google.png
│           ├── usp.png
│           └── usp.svg
├── index.md
├── info.md
├── leaders.md
└── renovate.json

/.gitignore:
--------------------------------------------------------------------------------
__pycache__
env
.vscode
_site/
*.swp

--------------------------------------------------------------------------------
/404.html:
--------------------------------------------------------------------------------
---

title: 404 - Not Found
layout: col-generic

---

WHOA THAT PAGE CANNOT BE FOUND

Try the SEARCH function in the main navigation to find something. If you are looking for chapter information, please see Chapters for the correct chapter. For information about OWASP projects see Projects. For common attacks, vulnerabilities, or information about other community-led contributions see Contributed Content.

If all else fails you can search our historical site.

--------------------------------------------------------------------------------
/Gemfile:
--------------------------------------------------------------------------------
source 'https://rubygems.org'
group :jekyll_plugins do
  gem "github-pages", '~> 231'
end

--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
This is the github repository that drives https://owasp.org/www-project-modsecurity-core-rule-set/.

--------------------------------------------------------------------------------
/_config.yml:
--------------------------------------------------------------------------------
remote_theme: "owasp/www--site-theme@main"
plugins:
  - jekyll-include-cache-0.2.0
--------------------------------------------------------------------------------
/_data/ow_attributions.json:
--------------------------------------------------------------------------------
["Mirco Massone", "sridhar V sikha"]
--------------------------------------------------------------------------------
/_data/sponsors-gold.json:
--------------------------------------------------------------------------------
[
  {
    "name": "Google",
    "src": "assets/images/sponsors/google.png",
    "url": "https://google.com/"
  },
  {
    "name": "United Security Providers",
    "src": "assets/images/sponsors/usp.png",
    "url": "https://www.united-security-providers.ch/"
  }
]

--------------------------------------------------------------------------------
/_data/sponsors-silver.json:
--------------------------------------------------------------------------------
[
  {
    "name": "Swiss Post",
    "url": "assets/images/sponsors/SwissPost.png"
  }
]

--------------------------------------------------------------------------------
/_includes/sponsors-gold.md:
--------------------------------------------------------------------------------
{% for sponsor-gold in include.data %}
{{ sponsor-gold.name }}
{% endfor %}

--------------------------------------------------------------------------------
/_includes/sponsors-silver.md:
--------------------------------------------------------------------------------
{% for sponsor-silver in include.data %}
{% endfor %}

--------------------------------------------------------------------------------
/_sass/_sponsors.scss:
--------------------------------------------------------------------------------
---
---

// start content
.crs-gold-sponsor {
  font-size: 1.2em;
}

--------------------------------------------------------------------------------
/assets/images/CRS-logo-full_size-512x257.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/OWASP/www-project-modsecurity-core-rule-set/5227ad4cb92a02aafa52964f4d57aff08398916a/assets/images/CRS-logo-full_size-512x257.png
--------------------------------------------------------------------------------
/assets/images/CRS3-movie-poster-thumb.jpeg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/OWASP/www-project-modsecurity-core-rule-set/5227ad4cb92a02aafa52964f4d57aff08398916a/assets/images/CRS3-movie-poster-thumb.jpeg
--------------------------------------------------------------------------------
/assets/images/OWASP 20th Anniversary.jpeg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/OWASP/www-project-modsecurity-core-rule-set/5227ad4cb92a02aafa52964f4d57aff08398916a/assets/images/OWASP 20th Anniversary.jpeg
--------------------------------------------------------------------------------
/assets/images/README.md:
--------------------------------------------------------------------------------
# placeholder

Put images you wish to link to in this folder

link would be in form /assets/images/

--------------------------------------------------------------------------------
/assets/images/logo.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/OWASP/www-project-modsecurity-core-rule-set/5227ad4cb92a02aafa52964f4d57aff08398916a/assets/images/logo.png
--------------------------------------------------------------------------------
/assets/images/sponsors/SwissPost.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/OWASP/www-project-modsecurity-core-rule-set/5227ad4cb92a02aafa52964f4d57aff08398916a/assets/images/sponsors/SwissPost.png
--------------------------------------------------------------------------------
/assets/images/sponsors/google.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/OWASP/www-project-modsecurity-core-rule-set/5227ad4cb92a02aafa52964f4d57aff08398916a/assets/images/sponsors/google.png
--------------------------------------------------------------------------------
/assets/images/sponsors/usp.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/OWASP/www-project-modsecurity-core-rule-set/5227ad4cb92a02aafa52964f4d57aff08398916a/assets/images/sponsors/usp.png
--------------------------------------------------------------------------------
/index.md:
--------------------------------------------------------------------------------
---

layout: col-sidebar
title: OWASP CRS
tags: crs
level: 4
type: code
pitch: The OWASP CRS is a set of generic attack detection rules for use with ModSecurity or compatible web application firewalls. The CRS aims to protect web applications from a wide range of attacks, including the OWASP Top Ten, with a minimum of false alerts.

---

**The 1st Line of Defense Against Web Application Attacks**

The OWASP CRS is a set of generic attack detection rules for use with [ModSecurity](https://modsecurity.org/) or compatible web application firewalls. It aims to protect web applications from a wide range of attacks, including the [OWASP Top Ten](https://owasp.org/www-project-top-ten/), with a minimum of false alerts. CRS provides protection against many common attack categories, including SQL Injection, Cross Site Scripting, Local File Inclusion, etc.

![CRS Logo](assets/images/logo.png)

The official website of the project can be found at [https://coreruleset.org](https://coreruleset.org).

## Getting Started / Tutorials

To install CRS, you first need to [select your engine](https://coreruleset.org/docs/deployment/engine_integration_options/), and then [install the rules](https://coreruleset.org/docs/deployment/install/).

## Licensing

OWASP CRS is free to use. It is licensed under the [Apache Software License version 2 (ASLv2)](https://www.apache.org/licenses/LICENSE-2.0), so you can copy, distribute and transmit the work, and you can adapt it, and use it commercially, but all provided that you attribute the work and if you alter, transform, or build upon this work, you may distribute the resulting work only under the same or similar license to this one.

## Reporting Issues

* If you think you've found a false positive in commercially available software and want us to take a look, [submit an issue here](https://github.com/coreruleset/coreruleset/issues/new/choose) on our GitHub.
* Have you found a false negative/bypass? See our [policy](https://github.com/coreruleset/coreruleset/security/policy) first on how to contact us.

## Logos

You can find the project logos in the [OWASP Swag repository](https://github.com/OWASP/owasp-swag/tree/master/projects/crs).

## Sponsors

### Project Gold Sponsors

{% include sponsors-gold.md data=site.data.sponsors-gold %}

### Project Silver Sponsors

{% include sponsors-silver.md data=site.data.sponsors-silver %}

--------------------------------------------------------------------------------
/info.md:
--------------------------------------------------------------------------------
[![OWASP 20th Anniversary](assets/images/OWASP 20th Anniversary.jpeg)](https://20thanniversary.owasp.org/)

### CRS Information
* [CoreRuleSet.org Website](https://coreruleset.org)
* Flagship Project
* Tool
* Defender
* [Version 4.15.0](https://github.com/coreruleset/coreruleset/releases/tag/v4.15.0)

### Downloads or Social Links
* [Installation Tutorial](https://coreruleset.org/docs/deployment/install/)
* [Docker Image](https://hub.docker.com/r/owasp/modsecurity-crs/)
* [GH Container Image](https://github.com/coreruleset/modsecurity-crs-docker/pkgs/container/modsecurity-crs)
* [Twitter](https://twitter.com/coreruleset)
* [OWASP CRS Google Group](https://groups.google.com/a/owasp.org/forum/#!forum/modsecurity-core-rule-set-project)
* [Slack channel](https://owasp.slack.com/archives/CBKGH8A5P)

### Code Repository
* [GitHub](https://github.com/coreruleset/coreruleset/)

### Change Log
* [See Releases](https://github.com/coreruleset/coreruleset/releases)

--------------------------------------------------------------------------------
/leaders.md:
--------------------------------------------------------------------------------
### Leaders

* [Max Leske](mailto:max.at.crs@gmail.com)
* [Felipe Zipitría](mailto:felipe.zipitria@owasp.org)

--------------------------------------------------------------------------------
/renovate.json:
--------------------------------------------------------------------------------
{
  "$schema": "https://docs.renovatebot.com/renovate-schema.json",
  "extends": [
    "github>coreruleset/renovate-config"
  ],
  "enabledManagers": [
    "custom.regex"
  ],
  "customManagers": [
    {
      "description": "CRS: Latest Release",
      "customType": "regex",
      "managerFilePatterns": [
        "/^info\\.md$/"
      ],
      "matchStringsStrategy": "any",
      "matchStrings": [
        "\\[Version (?<currentValue>\\d+\\.\\d+\\.\\d+)\\]",
        "\\(https://github\\.com/coreruleset/coreruleset/releases/tag/v(?<currentValue>\\d+\\.\\d+\\.\\d+)\\)"
      ],
      "depNameTemplate": "coreruleset/coreruleset",
      "datasourceTemplate": "github-releases"
    }
  ]
}

--------------------------------------------------------------------------------