ModSecurity and NGINX: Tuning the OWASP Core Rule Set


ModSecurity is the world’s most popular open source web application firewall (WAF), used by over a million websites today. ModSecurity is the WAF engine and works in conjunction with rules that define malicious behavior, most typically the OWASP Core Rule Set (CRS). The CRS provides protections against SQL Injection (SQLi), Local File Inclusion (LFI), Remote Code Execution (RCE), and many other types of attack. It is community‑maintained and has been battle‑tested for over 12 years.

In this webinar we discuss how to install the CRS with NGINX and ModSecurity, as well as how to tune it. Although the CRS's default settings minimize false positives, the fear of blocking legitimate users scares many admins away from WAFs. We cover techniques for tuning the CRS to avoid false positives in several types of environments.

In this webinar, we’ll cover:

How to install the OWASP Core Rule Set (CRS) with ModSecurity

About the types of attacks the CRS blocks, such as SQLi, RFI, and LFI

How to tune the CRS to minimize false positives

What it looks like when ModSecurity blocks an attack (in a live demo), and how to interpret the audit log



Faisal Memon
Software Engineer