docs: add blogpost on CRSLang #449
base: main
Signed-off-by: Felipe Zipitria <felipe.zipitria@owasp.org>
Pull request overview
Adds a new blog post announcing and explaining CRSLang as a next-generation, YAML-based rule language for OWASP CRS, including motivation, examples, and migration guidance.
Changes:
- Introduces a new long-form blog post describing CRSLang and the rationale for moving beyond Seclang
- Includes multiple illustrative Seclang vs CRSLang examples, plus discussion of features (templates, logical expressions, translation)
- Adds links and calls-to-action for readers to learn more and join discussions
| id: 1 | ||
| phase: 1 | ||
| conditions: | ||
| - and: | ||
| - or: | ||
| - variable: ARGS:user | ||
| operator: "@streq" | ||
| pattern: "admin" | ||
| - variable: ARGS:username | ||
| operator: "@streq" | ||
| pattern: "admin" | ||
| - variable: REQUEST_LINE | ||
| operator: "@contains" | ||
| pattern: "admin" | ||
| actions: | ||
| - action: block |
Copilot AI, Jan 22, 2026
The CRSLang YAML examples use different (and currently unexplained) schemas: the first example nests metadata under rule and uses variables/operator: { rx: ... } plus actions: { disruptive, non-disruptive }, while the later examples use rule: { id, phase } and variable/operator: "@streq" plus actions as a list of { action: ... }. This internal inconsistency makes it hard for readers to understand what the actual CRSLang structure is. Consider standardizing the examples to one consistent schema (or explicitly explaining the different variants and when each applies).
| id: 1 | |
| phase: 1 | |
| conditions: | |
| - and: | |
| - or: | |
| - variable: ARGS:user | |
| operator: "@streq" | |
| pattern: "admin" | |
| - variable: ARGS:username | |
| operator: "@streq" | |
| pattern: "admin" | |
| - variable: REQUEST_LINE | |
| operator: "@contains" | |
| pattern: "admin" | |
| actions: | |
| - action: block | |
| metadata: | |
| id: 1 | |
| phase: 1 | |
| conditions: | |
| - and: | |
| - or: | |
| - variables: | |
| - name: ARGS:user | |
| operator: | |
| streq: "admin" | |
| - variables: | |
| - name: ARGS:username | |
| operator: | |
| streq: "admin" | |
| - variables: | |
| - name: REQUEST_LINE | |
| operator: | |
| contains: "admin" | |
| actions: | |
| disruptive: block |
|
|
||
| Join the conversation: | ||
| - GitHub: [github.com/coreruleset/crslang](https://github.com/coreruleset/crslang) | ||
| - OWASP Slack: [owasp.org/slack/](https://owasp.org/slack/) (#coreruleset channel) |
Copilot AI, Jan 22, 2026
The OWASP Slack link here differs from the convention used elsewhere in the blog (typically https://owasp.org/slack/invite, e.g. content/blog/2018-10-03-owasp-crs-slack.md:19). Consider switching to the /slack/invite URL for consistency and to point directly at the invitation flow.
| Join the conversation: | ||
| - GitHub: [github.com/coreruleset/crslang](https://github.com/coreruleset/crslang) | ||
| - OWASP Slack: [owasp.org/slack/](https://owasp.org/slack/) (#coreruleset channel) | ||
| - Mailing list: Join our community discussions |
Copilot AI, Jan 22, 2026
This bullet is not actionable because it doesn’t specify which mailing list to join or provide a link (unlike the GitHub/Slack bullets above). Consider linking to the actual CRS mailing list / forum location (or remove this bullet if the mailing list is no longer used).
| - Mailing list: Join our community discussions |
Deploying website with
| Latest commit: | 9628510 |
| Status: | ✅ Deploy successful! |
| Preview URL: | https://01037d78.website-1u6.pages.dev |
| Branch Preview URL: | https://feat-add-blogpost-crslang.website-1u6.pages.dev |
@copilot open a new pull request to apply changes based on the comments in this thread
Co-authored-by: fzipi <3012076+fzipi@users.noreply.github.com>
Standardize CRSLang YAML schema and fix URLs in blog post
what