The OWASP (Open Web Application Security Project) CRS (Core Rule Set) for ModSecurity™ is an open source collection of rules that work with the ModSecurity™ WAF (Web Application Firewall). These rules were designed to provide, easy to use, generic attack detection capabilities to your web application as part of a well balanced defence-in-depth solution.


OWASP ModSecurity CRS is free to use. It is licensed under the Apache Software License version 2 (ASLv2), so you can copy, distribute and transmit the work, and you can adapt it, and use it commercially, but all provided that you attribute the work and if you alter, transform, or build upon this work, you may distribute the resulting work only under the same or similar license to this one.