ModSecurity
Security Tools
Open-source Web Application Firewall rule set
Overview
ModSecurity Core Rule Set (CRS) is an open-source rule set for the ModSecurity engine, hosted at https://github.com/coreruleset/coreruleset. It uses pattern matching and anomaly scoring to detect common attacks such as SQL injection, XSS, and RCE, and can serve as the default protection layer for a WAF.
Key features & highlights
- Generic attack protection: covers SQLi, XSS, file inclusion, command injection, and more.
- Tunable and normalized: supports request normalization, rule tuning, anomaly scoring, and exclusion rules to reduce false positives.
- Community-driven and regularly updated: maintained by the community with timely responses to new threats.
Use cases and target users
Suitable for cloud platforms, web hosting providers, DevOps teams, security engineers, and teams that need to deploy virtual patches quickly.
Benefits
- Open-source and free; mature and stable
- Compatible with multiple web servers/engines (ModSecurity, nginx, Apache, etc.)
- Easy to integrate into CI/CD pipelines and SIEMs, improving compliance and observability