OWASP Standard Rules

1 Introduction

This document provides further details about the OWASP Core Rule Set (CRS) rules in the LoadMaster, including a list of rule sets and associated ID numbers. All rule sets are enabled by default. Rule groups or individual rules within each rule set can be enabled or disabled as required. To enable a rule or group of rules, select the relevant check box. If you have previously enabled or disabled rules in a rule set within a Virtual Service, the rules retain their previous settings.

2 OWASP Standard Rules

A list of the OWASP standard rule sets and associated ID numbers is shown in the table below:

| Rule Set Name | Rule Set Identifier | Associated Rules |
|---|---|---|
| Request Rules | | |
| method-enforcement | 911 | 911100 |
| scanner-detection | 913 | 913100, 913101, 913102, 913110, 913120 |
| protocol-enforcement | 920 | 920100, 920120, 920160, 920170, 920171, 920180, 920181, 920190, 920210, 920220, 920240, 920250, 920260, 920270, 920280, 920290, 920310, 920311, 920330, 920340, 920350, 920380, 920360, 920370, 920390, 920400, 920410, 920470, 920420, 920480, 920430, 920440, 920500, 920450, 920200, 920201, 920230, 920300, 920271, 920320, 920121, 920341, 920272, 920490, 920510, 920202, 920273, 920274, 920275, 920460 |
| protocol-attack | 921 | 921110, 921120, 921130, 921140, 921150, 921160, 921190, 921200, 921151, 921180 |
| application-attack-lfi | 930 | 930100, 930110, 930120, 930130 |
| application-attack-rfi | 931 | 931100, 931110, 931120, 931130 |
| application-attack-rce | 932 | 932100, 932105, 932110, 932115, 932120, 932130, 932140, 932150, 932160, 932170, 932171, 932180, 932200, 932106, 932190 |
| application-attack-php | 933 | 933100, 933110, 933120, 933130, 933140, 933500, 933150, 933160, 933170, 933180, 933210, 933151, 933131, 933161, 933111, 933190 |
| application-attack-nodejs | 934 | 934100 |
| application-attack-xss | 941 | 941100, 941110, 941120, 941130, 941140, 941160, 941170, 941180, 941190, 941200, 941210, 941220, 941230, 941240, 941250, 941260, 941270, 941280, 941290, 941300, 941310, 941350, 941360, 941370, 941101, 941150, 941330, 941340, 941380 |
| application-attack-sqli | 942 | 942100, 942140, 942160, 942170, 942190, 942220, 942230, 942240, 942250, 942270, 942280, 942290, 942320, 942350, 942360, 942500, 942110, 942120, 942130, 942150, 942180, 942200, 942210, 942260, 942300, 942310, 942330, 942340, 942361, 942370, 942380, 942390, 942400, 942410, 942470, 942480, 942430, 942440, 942450, 942510, 942251, 942490, 942420, 942431, 942460, 942101, 942511, 942421, 942432 |
| application-attack-session-fixation | 943 | 943100, 943110, 943120 |
| application-attack-java | 944 | 944100, 944110, 944120, 944130, 944200, 944210, 944240, 944250, 944300 |
| Response Rules | | |
| data-leakages | 950 | 950130, 950140, 950100 |
| data-leakages-sql | 951 | 951110, 951120, 951130, 951140, 951150, 951160, 951170, 951180, 951190, 951200, 951210, 951220, 951230, 951240, 951250, 951260 |
| data-leakages-java | 952 | 952100, 952110 |
| data-leakages-php | 953 | 953100, 953110, 953120 |
| data-leakages-iis | 954 | 954100, 954110, 954120, 954130 |
| correlation | 980 | 980100, 980110, 980120, 980130, 980140, 980150 |

All request rule sets are enabled by default. If you have the Process HTTP Responses option enabled, you can also enable response rules. To get to the Process HTTP Responses option, go to Virtual Services > View/Modify Services > Modify > WAF > Advanced Settings.

Last Updated Date

This document was last updated on 30 May 2022.

