Skip to content

Latest commit

 

History

History
26 lines (17 loc) · 1.63 KB

README.md

File metadata and controls

26 lines (17 loc) · 1.63 KB

OWASP ModSecurity Core Rule Set (CRS) for Liferay

ModSecurity™ is a web application firewall engine that provides very little protection on its own. In order to become useful, ModSecurity™ must be configured with rules. In order to enable users to take full advantage of ModSecurity™ out of the box, Trustwave's SpiderLabs is sponsoring and maintaining a free certified rule set for the community. Unlike intrusion detection and prevention systems, which rely on signatures specific to known vulnerabilities, the OWASP ModSecurity Core Rule Set provides generic protection from unknown vulnerabilities often found in web applications, which are in most cases custom coded. The Core Rules are heavily commented to allow it to be used as a step-by-step deployment guide for ModSecurity™.

This is a fork of original OWASP CRS and contains modified ruleset that works properly with Liferay Portal. Repository is managed and constantly updated by @kgolebiowski

Licensing

(c) 2006-2012 Trustwave

The ModSecurity Core Rule Set is provided to you under the terms and conditions of Apache Software License Version 2 (ASLv2)

http://www.apache.org/licenses/LICENSE-2.0.txt

Mail-List

For more information refer to the OWASP Core Rule Set Project page at http://www.owasp.org/index.php/Category:OWASP_ModSecurity_Core_Rule_Set_Project

Core Rules Mail-list - Suscribe here: https://lists.owasp.org/mailman/listinfo/owasp-modsecurity-core-rule-set Archive: https://lists.owasp.org/pipermail/owasp-modsecurity-core-rule-set/

Downloading

You can manually download the latest CRS from the GitHub Repo: https://github.com/SpiderLabs/owasp-modsecurity-crs