NGINX, a part of F5, Inc., is pleased to announce that we have become the first Gold sponsor of the OWASP ModSecurity Core Rule Set (CRS) project.
The CRS is a set of web application firewall (WAF) rules which detect many kinds of attacks, including the OWASP Top Ten, with a minimum of false positives. Distributed under an open source license, the CRS is designed for use with ModSecurity – the world’s most popular open source WAF – and compatible WAFs. As the most widely used WAF rule set on the Internet, the CRS processes more than 100 terabits of traffic every second all over the globe.
The ModSecurity WAF for NGINX Open Source natively supports the CRS. For details on enabling the CRS with the ModSecurity WAF, see our documentation.
With our deep roots in the open source community, NGINX highly values other open source projects and the high level of innovation and collaboration across the community, which make technologies better – and safer. We appreciate the work done by the growing CRS community and know that many of our users and customers rely on the CRS to protect their sites and apps.
So sponsoring the CRS project was an obvious and easy choice for us. In previous collaborations with the CRS team, we’ve benefited greatly from their technical expertise around ModSecurity. We’ll continue to work behind the scenes with the team to ensure that NGINX users get the best possible security when integrating ModSecurity and the CRS with our software. With ModSecurity, CRS, and NGINX working together, we can identify security improvements, triage potential issues, find performance optimizations, and more. As a sponsor, NGINX looks forward to helping ensure the OWASP ModSecurity CRS project’s long‑term success.
You can see the CRS project’s announcement on its blog.