Announcing Release of OWASP ModSecurity Core Rule Set v2.1.0

I am pleased to announce the release of the OWASP ModSecurity Core Rule Set (CRS) v2.1.0. This is a significant update as we have added many new capabilities.

CHANGE LOG -

--------------------------

Version 2.1.0 - 12/29/2010

--------------------------

Improvements:

- Added Experimental Lua Converter script to normalize payloads. Based on PHPIDS Converter code and it used with the advanced filters conf file.

- Changed the name of PHPIDS converted rules to Advanced Filters

- Added Ignore Static Content (Performance enhancement) rule set

- Added XML Enabler (Web Services) rule set which will parse XML data

- Added Authorized Vulnerability Scanning (AVS) Whitelist rule set

- Added Denial of Service (DoS) Protection rule set

- Added Slow HTTP DoS (Connection Consumption) Protection rule set

- Added Brute Force Attack Protection rule set

- Added Session Hijacking Detection rule set

- Added Username Tracking rule set

- Added Authentication Tracking rule set

- Added Anti-Virus Scanning of File Attachments rule set

- Added AV Scanning program to /util directory

- Added Credit Card Usage Tracking/Leakage Prevention rule set

- Added experimental CC Track/PAN Leakage Prevention rule set

- Added an experimental_rules directory to hold new BETA rules

- Moved the local exceptions conf file back into base_rules dirctory however it has a ".example" extension to prevent overwriting customized versions when upgrading

- Separated out HTTP Parameter Pollution and Restricted Character Anomaly Detection rules to the experimental_rules directory

- Adding the REQUEST_HEADERS:User-Agent macro data to the initcol in 10 config file, which will help to make collections a bit more unique

--------------------------

DOWNLOADING

--------------------------

Manual Downloading:

You can always download the latest CRS version here -

https://sourceforge.net/projects/mod-security/files/modsecurity-crs/0-CURRENT/

Automated Downloading:

Use the rules-updater.pl script in the CRS /util directory

# Get a list of what the repository contains:

$ ./rules-updater.pl -rhttp://www.modsecurity.org/autoupdate/repository/ -l

Repository: http://www.modsecurity.org/autoupdate/repository

modsecurity-crs {

2.0.0: modsecurity-crs_2.0.0.zip

2.0.1: modsecurity-crs_2.0.1.zip

2.0.2: modsecurity-crs_2.0.2.zip

2.0.3: modsecurity-crs_2.0.3.zip

2.0.4: modsecurity-crs_2.0.4.zip

2.0.5: modsecurity-crs_2.0.5.zip

2.0.6: modsecurity-crs_2.0.6.zip

2.0.7: modsecurity-crs_2.0.7.zip

2.0.8: modsecurity-crs_2.0.8.zip

2.0.9: modsecurity-crs_2.0.9.zip

2.0.9: modsecurity-crs_2.0.10.zip

2.1.0: modsecurity-crs_2.1.0.zip

}

# Get the latest stable version of "modsecurity-crs":

$ ./rules-updater.pl -rhttp://www.modsecurity.org/autoupdate/repository/ -prules -Smodsecurity-crs

Fetching: modsecurity-crs/modsecurity-crs_2.1.0.zip ...

$ ls -R rules

modsecurity-crs

rules/modsecurity-crs:

modsecurity-crs_2.1.0.zip modsecurity-crs_2.1.0.zip.sig

Trustwave reserves the right to review all comments in the discussion below. Please note that for security and other reasons, we may not approve comments containing links.