[Owasp-modsecurity-core-rule-set] [mod-security-users] Announcing Release of OWASP ModSecurity CRS v2.1.2

Ryan Barnett RBarnett at trustwave.com
Wed Mar 2 08:26:06 EST 2011

Has anyone had a chance to try out the new profiling rules?  I am
interested to hear feedback.


On 2/17/11 4:52 PM, "Ryan Barnett" <RBarnett at trustwave.com> wrote:

>Hello everyone,
>I am pleased to announce the release of the OWASP ModSecurity Core Rule
>Set (CRS) v2.1.2.  This is a significant update as we have added a couple
>of very important capabilities.
>Version 2.1.2 - 02/17/2011
>- Added experimental real-time application profiling ruleset.
>- Added experimental Lua script for profiling the # of page scripts, iframes, etc., which will help to identify successful XSS attacks and planting of malware links.
>- Added new CSRF detection rule which will trigger if a subsequent request comes too quickly (need to use the Ignore Static Content rules).
>Bug Fixes:
>- Added missing " in the skipAfter SecAction in the CC Detection rule set
>Manual Downloading:
>You can always download the latest CRS version here -
>Automated Downloading:
>Use the rules-updater.pl script in the CRS /util directory
># Get a list of what the repository contains:
>$ ./rules-updater.pl -rhttp://www.modsecurity.org/autoupdate/repository/
>Repository: http://www.modsecurity.org/autoupdate/repository
>modsecurity-crs {
>          2.0.0: modsecurity-crs_2.0.0.zip
>          2.0.1: modsecurity-crs_2.0.1.zip
>          2.0.2: modsecurity-crs_2.0.2.zip
>          2.0.3: modsecurity-crs_2.0.3.zip
>          2.0.4: modsecurity-crs_2.0.4.zip
>          2.0.5: modsecurity-crs_2.0.5.zip
>          2.0.6: modsecurity-crs_2.0.6.zip
>          2.0.7: modsecurity-crs_2.0.7.zip
>          2.0.8: modsecurity-crs_2.0.8.zip
>          2.0.9: modsecurity-crs_2.0.9.zip
>          2.0.9: modsecurity-crs_2.0.10.zip
>          2.1.0: modsecurity-crs_2.1.0.zip
>          2.1.1: modsecurity-crs_2.1.1.zip
>          2.1.2: modsecurity-crs_2.1.2.zip
># Get the latest stable version of "modsecurity-crs":
>$ ./rules-updater.pl -rhttp://www.modsecurity.org/autoupdate/repository/ -prules -Smodsecurity-crs
>Fetching: modsecurity-crs/modsecurity-crs_2.1.2.zip ...
>$ ls -R rules
>modsecurity-crs_2.1.2.zip    modsecurity-crs_2.1.2.zip.sig
>Ryan Barnett
>Senior Security Researcher
>Trustwave - SpiderLabs