ModSecurity is a web application firewall engine that provides very little protection on its own. In order to become useful, ModSecurity must be configured with rules.
In order to enable users to take full advantage of ModSecurity out of the box, Trustwave’s SpiderLabs is providing a free certified rule set for ModSecurity.
The Core Rules provide generic protection from unknown vulnerabilities often found in web applications, which are in most cases custom coded. The Core Rules are heavily commented to allow it to be used as a step-by-step deployment guide for ModSecurity.
Improvements in the new version:
- Added Watcher Cookie Checks to optional_rules/modsecurity_crs_55_appication_defects.conf file.
- Added Watcher Charset Checks to optional_rules/modsecurity_crs_55_application_defects.conf file.
- Added Watcher Header Checks to optional_rules/modsecurity_crs_55_application_defects.conf file.
Latest bug fixes:
- Fixed Content-Type evasion issue by adding ctl:forceRequestBodyVariable action to rule ID 960010.
- Updated the regex and added tags for RFI rules.