Registry for OWASP CRS plugins, official and 3rd party.
OWASP CRS allows for plugins. Yet the rule ID namespace needs to be coordinated. This repo serves as the official place to register plugins and reserve rule ID ranges.
The rule ID range from 9,500,000 - 9,999,999 is reserved for CRS plugins.
Plugins usually get a range of 1,000 IDs with the notable exception of the incubator plugin that maps the regular CRS IDs from 900K for each rule to the range 9,900,000 - 9,999,999.
| Plugin Name | Rule ID Range | Repository | Type | Status | CI |
|---|---|---|---|---|---|
| template | 9,500,000 - 9,500,999 | coreruleset/template-plugin | official | ✅ tested | Integration tests |
| auto-decoding | 9,501,000 - 9,501,999 | coreruleset/auto-decoding-plugin | official | untested | |
| antivirus | 9,502,000 - 9,502,999 | coreruleset/antivirus-plugin | official | being tested | |
| body-decompress | 9,503,000 - 9,503,999 | coreruleset/body-decompress-plugin | official | being tested | |
| fake-bot | 9,504,000 - 9,504,999 | coreruleset/fake-bot-plugin | official | ✅ tested | Integration tests |
| google-oauth2 | 9,505,000 - 9,505,999 | coreruleset/google-oauth2-plugin | official | ✅ tested | Integration tests |
| drupal-rule-exclusions | 9,506,000 - 9,506,999 | coreruleset/drupal-rule-exclusions-plugin | official | ✅ tested | Integration tests |
| wordpress-rule-exclusions | 9,507,000 - 9,507,999 | coreruleset/wordpress-rule-exclusions-plugin | official | ✅ tested | Integration tests |
| nextcloud-rule-exclusions | 9,508,000 - 9,508,999 | coreruleset/nextcloud-rule-exclusions-plugin | official | ✅ tested | Integration tests |
| dokuwiki-rule-exclusions | 9,509,000 - 9,509,999 | coreruleset/dokuwki-rule-exclusions-plugin | official | ✅ tested | Integration tests |
| cpanel-rule-exclusions | 9,510,000 - 9,510,999 | coreruleset/cpanel-rule-exclusions-plugin | official | ✅ tested | Integration tests |
| xenforo-rule-exclusions | 9,511,000 - 9,511,999 | coreruleset/xenforo-rule-exclusions-plugin | official | ✅ tested | Integration tests |
| phpbb-rule-exclusions | 9,512,000 - 9,512,999 | coreruleset/phpbb-rule-exclusions-plugin | official | ✅ tested | Integration tests |
| phpmyadmin-rule-exclusions | 9,513,000 - 9,513,999 | coreruleset/phpmyadmin-rule-exclusions-plugin | official | ✅ tested | Integration tests |
| dos-protection-modsecurity | 9,514,000 - 9,514,999 | coreruleset/dos-protection-plugin-modsecurity | official | untested | |
| machine-learning-integration-plugin | 9,516,000 - 9,516,999 | coreruleset/machine-learning-integration-plugin | official | draft | |
| performance-plugin | 9,517,000 - 9,517,999 | coreruleset/performance-plugin | official | draft (Private) | |
| ghost-rule-exclusions | 9,518,000 - 9,518,999 | coreruleset/ghost-rule-exclusions-plugin | official | draft (Private) | |
| roundcube-rule-exclusions-plugin | 9,519,000 - 9,519,999 | EsadCetiner/roundcube-rule-exclusions-plugin | 3rd party | ✅ tested | Integration tests |
| sogo-rule-exclusions-plugin | 9,520,000 - 9,520,999 | EsadCetiner/sogo-rule-exclusions-plugin | 3rd party | ✅ tested | Integration tests |
| iredadmin-rule-exclusions-plugin | 9,521,000 - 9,521,999 | EsadCetiner/iredadmin-rule-exclusions-plugin | 3rd party | ✅ tested | Integration tests |
| wordpress-hardening-plugin | 9,522,000 - 9,522,999 | eilandert/wordpress-hardening-plugin | 3rd party | untested | |
| database-logging-plugin | 9,523,000 - 9,523,999 | coreruleset/database-logging-plugin | official | untested | |
| referer-hardening-plugin | 9,524,000 - 9,524,999 | coreruleset/referer-hardening-plugin | official | ✅ tested | Integration tests |
| incubator | 9,900,000 - 9,999,999 | coreruleset/incubator-plugin | official | - |
