Accept cookies for analytics, social media, and advertising, or learn more and adjust your preferences. These cookies are on by default for visitors outside the UK and EEA. Privacy Notice.
How to install the OWASP Core Rule Set (CRS) with ModSecurity
About the types of attacks the CRS blocks, such SQLi, RFI, and LFI
How to tune the CRS to minimize false positives
What it looks like when ModSecurity blocks an attack (in a live demo), and how to interpret the audit log
ModSecurity is the world’s most popular open source web application firewall (WAF), used by over a million websites today. ModSecurity is the WAF engine and works in conjunction with rules that define malicious behavior, most typically the OWASP Core Rule Set (CRS). The CRS provides protections against SQL Injection (SQLi), Local File Inclusion (LFI), Remote Code Execution (RCE), and many other types of attack. It is community‑maintained and has been battle‑tested for over 12 years.
In this webinar we discuss how to install the CRS with NGINX and ModSecurity, as well as how to tune it. Although the CRS’s default settings minimize false positives, the fear of blocking legitimate users scares many admins away from WAFs. We cover techniques for tuning the CRS to avoid false positives in several types of environments.
