Grâce au OWASP Core Rule Set (CRS), vous profitez d'emblée d'une pré-configuration optimale de votre Mod Security qui vous prémunit contre les attaques les plus courantes :
# Attack Detection:
ModSecurity is an Apache web server module that provides a web application firewall engine. The ModSecurity Rules Language engine is extrememly flexible and robust and has been referred to as the “Swiss Army Knife of web application firewalls.” While this is certainly true, it doesn't do much implicitly on its own and requires rules to tell it what to do. In order to enable users to take full advantage of ModSecurity out of the box, we (OWASP) have developed the Core Rule Set (CRS) which provides critical protections against attacks across most every web architecture.
Unlike intrusion detection and prevention systems, which rely on signatures specific to known vulnerabilities, the CRS is based on generic rules which focus on attack payload identification in order to provide protection from zero day and unknown vulnerabilities often found in web applications, which are in most cases custom coded.
Les CRS, créées en 1944 et réorganisées en 1948, forment un corps formé aux techniques anti-émeutes suite à la dissolution des Groupes mobiles de réserve (GMR) créés par le régime de Vichy.