[Owasp-leaders] Seasons Greetings! Announcing Release of ModSecurity Core Rule Set (CRS) V2.1.0

Ryan Barnett ryan.barnett at owasp.org
Wed Dec 29 15:03:00 EST 2010

Greetings everyone,
I am pleased to announce the release of the OWASP ModSecurity Core Rule Set
(CRS) v2.1.0.  This is a significant update as we have added many new

Version 2.1.0 - 12/29/2010

- Added Experimental Lua Converter script to normalize payloads. Based on
  PHPIDS Converter code and it used with the advanced filters conf file.
- Changed the name of PHPIDS converted rules to Advanced Filters
- Added Ignore Static Content (Performance enhancement) rule set
- Added XML Enabler (Web Services) rule set which will parse XML data
- Added Authorized Vulnerability Scanning (AVS) Whitelist rule set
- Added Denial of Service (DoS) Protection rule set
- Added Slow HTTP DoS (Connection Consumption) Protection rule set
- Added Brute Force Attack Protection rule set
- Added Session Hijacking Detection rule set
- Added Username Tracking rule set
- Added Authentication Tracking rule set
- Added Anti-Virus Scanning of File Attachments rule set
- Added AV Scanning program to /util directory
- Added Credit Card Usage Tracking/Leakage Prevention rule set
- Added experimental CC Track/PAN Leakage Prevention rule set
- Added an experimental_rules directory to hold new BETA rules
- Moved the local exceptions conf file back into base_rules dirctory however
  it has a ".example" extension to prevent overwriting customized versions
  when upgrading
- Separated out HTTP Parameter Pollution and Restricted Character Anomaly
Detection rules to
  the experimental_rules directory
- Adding the REQUEST_HEADERS:User-Agent macro data to the initcol in 10
config file, which will
  help to make collections a bit more unique

Manual Downloading:
You can always download the latest CRS version here -

Automated Downloading:
Use the rules-updater.pl script in the CRS /util directory

# Get a list of what the repository contains:
$ ./rules-updater.pl -rhttp://www.modsecurity.org/autoupdate/repository/ -l

Repository: http://www.modsecurity.org/autoupdate/repository

modsecurity-crs {
          2.0.0: modsecurity-crs_2.0.0.zip
          2.0.1: modsecurity-crs_2.0.1.zip
          2.0.2: modsecurity-crs_2.0.2.zip
          2.0.3: modsecurity-crs_2.0.3.zip
          2.0.4: modsecurity-crs_2.0.4.zip
          2.0.5: modsecurity-crs_2.0.5.zip
          2.0.6: modsecurity-crs_2.0.6.zip
          2.0.7: modsecurity-crs_2.0.7.zip
          2.0.8: modsecurity-crs_2.0.8.zip
          2.0.9: modsecurity-crs_2.0.9.zip
          2.0.9: modsecurity-crs_2.0.10.zip
          2.1.0: modsecurity-crs_2.1.0.zip

# Get the latest stable version of "modsecurity-crs":
$ ./rules-updater.pl -rhttp://www.modsecurity.org/autoupdate/repository/
-prules -Smodsecurity-crs
Fetching: modsecurity-crs/modsecurity-crs_2.1.0.zip ...
$ ls -R rules

modsecurity-crs_2.1.0.zip    modsecurity-crs_2.1.0.zip.sig

Ryan Barnett
Senior Security Researcher
Trustwave - SpiderLabs
ModSecurity Community Manager
OWASP ModSecurity CRS Project Leader

-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://lists.owasp.org/pipermail/owasp-leaders/attachments/20101229/92d4fa76/attachment.html 

More information about the OWASP-Leaders mailing list