From 7e6806fa2579999a3adf992c99e1c6261648c9f8 Mon Sep 17 00:00:00 2001 From: Felipe Zimmerle Date: Fri, 7 Aug 2020 11:19:40 -0300 Subject: [PATCH] Updated Reference Manual (v2.x) (mediawiki) --- Reference-Manual-(v2.x).mediawiki | 13 ------------- 1 file changed, 13 deletions(-) diff --git a/Reference-Manual-(v2.x).mediawiki b/Reference-Manual-(v2.x).mediawiki index 18ea3cc..8312987 100644 --- a/Reference-Manual-(v2.x).mediawiki +++ b/Reference-Manual-(v2.x).mediawiki @@ -41,19 +41,6 @@ ModSecurity is available under the Apache Software License v2 [http://www.apache ; Note : ModSecurity, mod_security, ModSecurity Pro, and ModSecurity Core Rules are trademarks or registered trademarks of Trustwave Holdings, Inc. -= OWASP ModSecurity Core Rule Set (CRS) Project = -== Overview == -ModSecurity is a web application firewall engine that provides very little protection on its own. In order to become useful, ModSecurity must be configured with rules. In order to enable users to take full advantage of ModSecurity out of the box, Trustwave's SpiderLabs created the OWASP ModSecurity Core Rule Set (CRS) Project. Unlike intrusion detection and prevention systems, which rely on signatures specific to known vulnerabilities, the CRS provide generic protection from unknown vulnerabilities often found in web applications, which are in most cases custom coded. The CRS is heavily commented to allow it to be used as a step-by-step deployment guide for ModSecurity. The latest rules packages can be found at the [http://www.owasp.org/index.php/Category:OWASP_ModSecurity_Core_Rule_Set_Project OWASP ModSecurity CRS Project Site]. - -== Core Rules Content == -In order to provide generic web applications protection, the CRS use some of the following example techniques: - -*HTTP protection - detecting violations of the HTTP protocol and a locally defined usage policy. -*Common Web Attacks Protection - detecting common web application security attack. -*Automation detection - Detecting bots, crawlers, scanners and other surface malicious activity. -*Trojan Protection - Detecting access to Trojans horses. -*Error Hiding - Disguising error messages sent by the server. - = Installation for Apache = == Prerequisites ==