Security 10806 Published by

The release candidate of the OWASP ModSecurity Core Rule Set 3.3.1 for ModSecurity has been released.





The OWASP ModSecurity Core Rule Set (CRS) is a set of generic attack detection rules for use with ModSecurity or compatible web application firewalls. The CRS aims to protect web applications from a wide range of attacks, including the OWASP Top Ten, with a minimum of false alerts.

New in 3.3.1:

New functionality:
* Add early blocking mode (tx.blocking_early) to block at the end of phase:1 and phase:3 (Christian Folini)

Fixes and improvements:
* Run rules as early as possible, by decreasing phase:2 to phase:1 and phase:4 to phase:3 where the variables allow it (Ervin Hegedus)

Modsecurity

Download OWASP ModSecurity Core Rule Set 3.3.1-rc1