diff --git a/rules/optional_rules/modsecurity_crs_42_comment_spam.conf b/rules/optional_rules/modsecurity_crs_42_comment_spam.conf
new file mode 100644
index 00000000..601babd7
--- /dev/null
+++ b/rules/optional_rules/modsecurity_crs_42_comment_spam.conf
@@ -0,0 +1,34 @@
+# ---------------------------------------------------------------
+# Core ModSecurity Rule Set ver.1.6.0-rc3
+# Copyright (C) 2006-2007 Breach Security Inc. All rights reserved.
+#
+# The ModSecuirty Core Rule Set is distributed under GPL version 2
+# Please see the enclosed LICENCE file for full details.
+# ---------------------------------------------------------------
+
+
+#
+# Comment spam is an attack against blogs, guestbooks, wikis and other types of
+# interactive web sites that accept and display hyperlinks submitted by
+# visitors. The spammers automatically post specially crafted random comments
+# which include links that point to the spammer's web site. The links
+# artificially increas the site's search engine ranking and may make the site
+# more noticable in search results.
+#
+
+SecDefaultAction "log,pass,phase:2,status:501,t:htmlEntityDecode,t:compressWhiteSpace,t:lowercase"
+
+# Prequalifier. Look for first
+SecRule ARGS|ARGS_NAMES "\bhttp:" "skip:1,pass,nolog,id:'999010',severity:'5'"
+
+SecAction pass,nolog,skipAfter:999011
+
+# Look for 2 ways of posting a link
+SecRule ARGS|ARGS_NAMES "\[url\b" "chain,ctl:auditLogParts=+E,deny,log,auditlog,status:400,msg:'Comment Spam',id:'950923',severity:'2'"
+SecRule ARGS|ARGS_NAMES "\