Description
Web application firewalls can use the OWASP Core Rule Set to detect broad classes of web attacks. Administrators install it when ModSecurity should protect applications with a widely used baseline ruleset.
It improves coverage but needs tuning. Test paranoia levels, exclusions, and logging before enforcement so legitimate traffic is not blocked unexpectedly.