This is a list of rules from the OWASP ModSecurity Core Rule Set.
- Handling of false positives / false alarms / blocking of legitimate traffic is explained in this tutorial.
- This page here covers the 3.x release(s). The rule IDs from the 2.x.x release(s) are not listed / covered. Look here for some infos.
- Helper rules are omitted.
- Click on link to be taken to github and land on the definition of the rule.
- The link to github points to the 3.0 dev tree.
- The description / message is the msg action from the rule definition mostly.
- Individual rules in this page can be reached via a shortcut. E.g., https://netnea.com/crs/942100.
- If you are lazy, then create a dynamic bookmark and call it with the rule ID as parameter in the address line of the browser: e.g., crs 942100.
- You like what you see? Why don’t you follow me on twitter @ChrFolini to learn about new ModSecurity stuff I publish.
[php]
Include “/var/www/www.netnea.com/pages/crs-inventory/crs-inventory.html”;
[/php]