Recent Attacks Submitted:

Content-Length: 69 Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.141 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document Accept-Encoding: gzip, deflate Accept-Language: de,en-US;q=0.9,en;q=0.8 Transfer-Encoding : chunked 3a 0

ModSecurity Core Rule Set (CRS)

Current CRS Version - 3.0.0-dev

Please feel free to inject malicious input to stress test the ModSecurity Core Rule Set (CRS). Requests should be directed to with attacks being placed within the "test" parameter. The form accepts both GET and POST request methods. You can either do this via the form below or manually.

The data submitted in the page will be sent to a ModSecurity CRS install for inspection and processing. The response page will report any CRS events that triggered.

If you send an attack payload that is not detected by the CRS, please notify us at any of the following places:

- @ModSecurity on Twitter

- OWASP ModSecurity Core Rule Set Mail-list

- Submit bug report to GitHub

 method=GET enctype=application/x-www-form-urlencoded

Results (txn: (none))


All Matched Rules Shown Below

Return to demo page

Submit an Evasion Report to GitHub