A Thirty-Day Dataset of Malicious HTTP Requests Blocked by OWASP ModSecurity on a Production Web Server

Bibliographic Details
Published in: Data (Basel) Volume 10; Issue 11; p. 186
Main authors: Lucz, Geza, Forstner, Bertalan
Format: Journal Article
Language: English
Published: Basel MDPI AG 01.11.2025
ISSN: 2306-5729, 2306-5729
Description
Summary: We present a real-world dataset capturing thirty consecutive days of malicious HTTP traffic filtered and blocked by the OWASP ModSecurity Web Application Firewall (WAF) on a live production server. Each entry corresponds to a request that triggered one or more rules in the OWASP Core Rule Set (CRS), resulting in its inclusion in the audit log due to suspected exploitation attempts. The dataset includes attack categories such as SQL injection, cross-site scripting (XSS), local file inclusion, scanner probes, and various malformed or evasive input forms. The data has been carefully anonymized to protect sensitive information while preserving critical structural tags, including request method, URI, triggered rule IDs, request headers, and user-agent strings. This dataset provides a real-world resource for cybersecurity researchers, particularly those developing or evaluating intrusion detection systems (IDSs), WAF rule tuning strategies, anomaly detection algorithms, and adversarial machine learning models. The dataset also allows performance testing of threat prevention pipelines. By making this dataset publicly available, we aim to support reproducible research in web security, encourage benchmarking of detection techniques under real-world conditions, and contribute insight into the nature of contemporary web-based threats observed in an uncontrolled environment.
DOI: 10.3390/data10110186