OWASP CRS
9.4 OWASP CRS
The OWASP CRS project, formerly known as Core Rule Set, is a set of generic attack detection rules for use with ModSecurity compatible web application firewalls such as OWASP Coraza. CRS is an OWASP Flagship tool project and can be downloaded for either Apache or IIS/Nginx web servers.
What is the CRS?
The CRS are attack detection rules for use with ModSecurity, Coraza and other ModSecurity compatible web application firewalls. The CRS aims to protect web applications from a wide range of attacks with a minimum of false alerts. The CRS provides protection against many common attack categories, including those in the OWASP Top Ten.
Why use it?
If an organization is using a Coraza, ModSecurity or compatible Web Application Firewall (WAF) then it is very likely that the CRS is already in use by this WAF. The CRS provides the policy for the Coraza / Modsecurity engine so that traffic to a web application is inspected for various attacks and malicious traffic is blocked.
How to use it
The use of the CRS assumes that a ModSecurity, Coraza or compatible WAF has been installed. Refer to the Coraza tutorial or the ModSecurity on how to do this.
To get started with CRS refer to the CRS installation instructions.
The OWASP Spotlight series provides an overview of how to use this CRS: ‘Project 3 - Core Rule Set (CRS) - 1st Line of Defense’.
The OWASP Developer Guide is a community effort; if there is something that needs changing then submit an issue or edit on GitHub.