
OWASP Core Rule Set

OWASP ModSecurity Core Rule Set (CRS)

HeatShield uses the OWASP ModSecurity Core Rule Set. The Core Rule Set (CRS) is an extremely popular open-source collection of attack detection rules maintained by the Open Web Application Security Project (OWASP).

ModSecurity CRS Rule Group 903.9002 WordPress Exclusion Rules

These exclusions remedy false positives in a default WordPress install.

ModSecurity CRS Rule Group 905 Common Exceptions

These rules are used as an exception mechanism to remove common false positives that may be encountered.

ModSecurity CRS Rule Group 910 IP Reputation

Rules that check the reputation of IP addresses.

ModSecurity CRS Rule Group 912 DoS Protection

Anti-automation rules that detect denial-of-service (DoS) attacks.

ModSecurity CRS Rule Group 920 Protocol Enforcement

Validates HTTP requests, eliminating a large number of application-layer attacks.

ModSecurity CRS Rule Group 930 Application Attack LFI

Checks for application attacks using Local File Inclusion (LFI).

ModSecurity CRS Rule Group 931 Application Attack RFI

Checks for application attacks using Remote File Inclusion (RFI).

ModSecurity CRS Rule Group 932 Application Attack RCE

Checks for application attacks using Remote Code Execution (RCE).

ModSecurity CRS Rule Group 933 Application Attack PHP

Checks for application attacks using PHP.

ModSecurity CRS Rule Group 941 Application Attack XSS

Checks for application attacks using cross-site scripting (XSS).

ModSecurity CRS Rule Group 942 Application Attack SQLi

Checks for application attacks using SQL injection (SQLi).

ModSecurity CRS Rule Group 943 Application Attack Session Fixation

Checks for application attacks using session fixation.
