ModSecurity

Overview

ModSecurity Core Rule Set (CRS) is an open-source rule set for the ModSecurity engine, hosted at https://github.com/coreruleset/coreruleset. It uses pattern matching and anomaly scoring to detect common attacks (such as SQL injection, XSS, RCE, etc.) and can serve as the default protection layer for a WAF.

Key features & highlights

Generic attack protection: covers SQLi, XSS, file inclusion, command injection, and more.
Tunable and normalized: supports request normalization, rule tuning, anomaly scoring, and exclusion rules to reduce false positives.
Community-driven and regularly updated: maintained by the community with timely responses to new threats.

Use cases and target users

Suitable for cloud platforms, web hosting providers, DevOps teams, security engineers, and teams that need to deploy virtual patches quickly.

Benefits

Open-source and free; mature and stable
Compatible with multiple web servers/engines (ModSecurity, nginx, Apache, etc.)
Easy to integrate into CI/CD pipelines and SIEMs, improving compliance and observability

Overview

Key features & highlights

Generic attack protection: covers SQLi, XSS, file inclusion, command injection, and more.
Tunable and normalized: supports request normalization, rule tuning, anomaly scoring, and exclusion rules to reduce false positives.
Community-driven and regularly updated: maintained by the community with timely responses to new threats.

Use cases and target users

Suitable for cloud platforms, web hosting providers, DevOps teams, security engineers, and teams that need to deploy virtual patches quickly.

Benefits

Open-source and free; mature and stable
Compatible with multiple web servers/engines (ModSecurity, nginx, Apache, etc.)
Easy to integrate into CI/CD pipelines and SIEMs, improving compliance and observability