Looks like we're finally getting an updated core rule set for ModSecurity.
Let CRS 4 be your valentine! – OWASP ModSecurity Core Rule Set
coreruleset.org
New Features in CRS 4Let CRS 4 be your valentine! – OWASP ModSecurity Core Rule Set
coreruleset.org
CRS 4 includes many coverage improvements, plus the following new features:
- Plug-in architecture allowing official and 3rd party plugins to integrate into CRS
- Early-Blocking option
- Over 500 individual rule bypasses closed following a big Bug Bounty project
- New web shell detection
- Full RE2/Hyperscan compatibility for better performance
- Support for HTTP/3
- More granular reporting options