Welcome to the ModSecurity Positive rule set site!

The project purpose is to provide an easy way to write your own custome modsecruity rules without having to be an expert in modsecurity and create in few minutes a full rule set that can perform positive filtering for a web site.

Different from a negative filtering rule set such as the OWASP Core Rule Set which matches anomalies and log or deny the access if match, the positive rule set will match the expected values in names, contents, values, sizes and allow the access if match and deny access and consider all non-matches as anomalies that should be reviewed or blocked.

There is already a working tool that is compatible with OWASP ZAP and ModSecurity Audit log in native format as sources to build a rule set.


Have fun testing and contribute!


One thought on “New project

Leave a Reply

Your email address will not be published. Required fields are marked *