The release candidate of the OWASP ModSecurity Core Rule Set 3.3.1 for ModSecurity has been released.
The OWASP ModSecurity Core Rule Set (CRS) is a set of generic attack detection rules for use with ModSecurity or compatible web application firewalls. The CRS aims to protect web applications from a wide range of attacks, including the OWASP Top Ten, with a minimum of false alerts.
New in 3.3.1:
New functionality:
* Add early blocking mode (tx.blocking_early) to block at the end of phase:1 and phase:3 (Christian Folini)
Fixes and improvements:
* Run rules as early as possible, by decreasing phase:2 to phase:1 and phase:4 to phase:3 where the variables allow it (Ervin Hegedus)
Download OWASP ModSecurity Core Rule Set 3.3.1-rc1