Smooth upgrading of OWASP CRS3 to CRS4

Performing a major upgrade of your CRS WAF rules usually means you need to lower your defenses to accommodate for the new false positives. Netnea.com has released a GPL licensed CRS plugin (the netnea-crs-upgrading-plugin) that allows you to perform this transition in a smooth way without need to change your anomaly threshold. Leveraging a parallel installation, the plugin allows you to run CRS4 in monitoring mode on a CRS3 installation, to route certain URIs to CRS4 and also to sample a certain percentage through CRS4 while the rest remains on CRS3. The CRS upgrading will no longer be a leap of faith, but a calculated transition. See the blog post at https://www.netnea.com/cms/2025/11/20/the-new-netnea-crs-upgrading-plugin-simplifying-the-migration-from-crs-v3-to-v4/ submitted by /u/dune73 [link] [comments]Technical Information Security Content & DiscussionRead More