A Thirty-Day Dataset of Malicious HTTP Requests Blocked by OWASP ModSecurity on a Production Web Server

Bibliographic Details
Published in: Data (Basel), Vol. 10, no. 11, p. 186
Main Authors: Lucz, Geza; Forstner, Bertalan
Format: Journal Article
Language: English
Published: Basel: MDPI AG, 01.11.2025
ISSN: 2306-5729
Description
Summary: We present a real-world dataset capturing thirty consecutive days of malicious HTTP traffic filtered and blocked by the OWASP ModSecurity Web Application Firewall (WAF) on a live production server. Each entry corresponds to a request that triggered one or more rules in the OWASP Core Rule Set (CRS), resulting in its inclusion in the audit log due to suspected exploitation attempts. The dataset includes attack categories such as SQL injection, cross-site scripting (XSS), local file inclusion, scanner probes, and various malformed or evasive input forms. The data has been carefully anonymized to protect sensitive information while preserving critical structural tags, including request method, URI, triggered rule IDs, request headers, and user-agent strings. This dataset provides a real-world resource for cybersecurity researchers, particularly those developing or evaluating intrusion detection systems (IDSs), WAF rule tuning strategies, anomaly detection algorithms, and adversarial machine learning models. The dataset also allows performance testing of threat prevention pipelines. By making this dataset publicly available, we aim to support reproducible research in web security, encourage benchmarking of detection techniques under real-world conditions, and contribute insight into the nature of contemporary web-based threats observed in an uncontrolled environment.
DOI: 10.3390/data10110186