1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
|
[](https://owasp.org/projects/)
[](https://bestpractices.coreinfrastructure.org/projects/1390)
[](https://opensource.org/licenses/Apache-2.0)
# OWASP CRS
The OWASP CRS is a set of generic attack detection rules for use with ModSecurity or compatible web application firewalls. The CRS aims to protect web applications from a wide range of attacks, including the OWASP Top Ten, with a minimum of false alerts.
## Resources
Please see our [website](https://coreruleset.org/) to get introduced to the CRS and view resources on installation, configuration, and working with the CRS.
## Contributing
We strive to make CRS accessible to a wide audience of beginner and experienced users. We are interested in hearing any bug reports, false positive alert reports, evasions, usability issues, and suggestions for new detections.
[Create an issue on GitHub](https://github.com/coreruleset/coreruleset/issues) to report a false positive or false negative (evasion). Please include your installed version and the relevant portions of your ModSecurity audit log.
[Sign up for our Google Group](https://groups.google.com/a/owasp.org/forum/#!forum/modsecurity-core-rule-set-project) to ask general usage questions and participate in discussions on the CRS. Also [here](https://lists.owasp.org/pipermail/owasp-modsecurity-core-rule-set/index) you can find the archives for the previous mailing list.
[Join the #coreruleset channel on OWASP Slack](http://owaspslack.com) to chat about the CRS.
## License
Copyright (c) 2006-2020 Trustwave and contributors. All rights reserved.
Copyright (c) 2021-2024 CRS project. All rights reserved.
The OWASP CRS is distributed under Apache Software License (ASL) version 2. Please see the enclosed LICENSE file for full details.
|
