The OWASP CRS Sampling Mode
Running ModSecurity CRS for the first time on an existing service is like a jump into murky water.
With the sampling mode you can run CRS on a limited percentage of the traffic, which reduces the risk a great deal.
Let’s consider that Dave Wichers and the OWASP Top 10 project resist all the pressure and the 2017 edition of OWASP Top 10 will include the new A7 “Insufficient Attack Protection”. Lately the discussion has turned more constructive, so maybe that prospect is not all that unrealistic. But honestly, I cannot tell if A7 will […]
The new Core Rule Set 3.0 (CRS3) release simplifies ModSecurity/Drupal integration tremendously. Here is a guide aimed at the Drupal community to learn how to work with ModSecurity. This guide and the rule file it is based on currently cover Drupal Core. Modules / Plugins are not yet supported. But count on the Drupal community […]