Let’s Make False Positives Extinct!
False positives are the biggest challenge when running a strict web application firewall in an enterprise environment. Deal with them or they will ruin your day. This is where we come in: C-Rex is the tool allowing administrators and developers to address ModSecurity / CRS false positives in an elegant way right from within the browser.
Core C-Rex Features
Rule Exclusions
C-Rex supports all four classic rule exclusion methods with a single click.
Flexibility
C-Rex integrates easily with existing log viewer and CI/CD setups.
Parsing
C-Rex parses the full variety of all ModSecurity alert messages.
CRS Integration
Created by CRS Co-Lead Christian Folini, C-Rex knows CRS by heart.
Intuitive
Developers will get C-Rex immediately, since no ModSecurity knowledge is needed.
Excludator
The central C-Rex widget we’re really proud of.
C-Rex writes the Rule Exclusions for you.
A rule exclusion instructs the WAF to skip a rule in an individual context and C-Rex is your assistant when writing rule exclusions. There are four classic types of ModSecurity rule exclusions and some of them are really hard to write by hand. C-Rex supports this crucial step: It takes a log message and provides you with the means to create a rule exclusion that you can tweak to your needs with a simple graphical interface.
Your data, your premises
In a minimal setup, you copy the alert message into the GUI, let C-Rex do its thing and then you paste the output back into your WAF configuration. Everything runs in a container on your server. No cloud, no phone-home, not even an internet connection is required.
Full integration
In a more advanced setup, you jump into C-Rex right from within your logviewer and you feed the rule exclusion into your CI/CD pipeline afterwards. This gives you a seamless integration of the WAF configuration and the CI/CD. It therefore enables your developers to tune away false positives without an extensive understanding of ModSecurity syntax and without asking the WAF or network security team for support. C-Rex is the tool that allows you to successfully integrate the WAF into your DevOps methodology.
From the CRS experts
netnea has been doing ModSecurity since 2005 and our Christian Folini wrote the 2nd edition of the ModSecurity Handbook. Meanwhile he has grown into one of the public faces of the OWASP Core Rule Set project (CRS). Most people use CRS when they speak of CRS and CRS also powers more than half of the commercial WAF market. C-Rex is a natural product of many, many years of practical ModSecurity use.
C-Rex knows the nitty gritty details
C-Rex knows CRS by heart. This is important since writing CRS rule exclusions can lead to a total WAF bypass when you disable the wrong rule by accident (rule id 949110!). But with C-Rex by your side, there is nothing to worry about: C-Rex will warn you when you get too close to the quicksand. Instead, it will tell you how to deal with the situation appropriately.
