diff --git a/www-apache/modsecurity-crs/Manifest b/www-apache/modsecurity-crs/Manifest
new file mode 100644
index 0000000..a7819e8
--- /dev/null
+++ b/www-apache/modsecurity-crs/Manifest
@@ -0,0 +1 @@
+DIST modsecurity-crs-3.3.4.tar.gz 301112 BLAKE2B 0df4b70c5ecc1852fe3cde74783494636c530cc8a2b8ddc0269da25703521532ee3ed6ba1e572b854fe6912f31d2ed1fe4c917b13dc22b37763dbe73ef8c7b72 SHA512 a8b8b210054a9a4e3f8e45a5a9428110bb4075e40430e3fc16f4717e363af141265b1fb5c173ff96abeff0ac61ef5eef667a4b9cb703f8edc15e48deb3342827
diff --git a/www-apache/modsecurity-crs/files/80_mod_security-crs.conf b/www-apache/modsecurity-crs/files/80_mod_security-crs.conf
new file mode 100644
index 0000000..c6b767a
--- /dev/null
+++ b/www-apache/modsecurity-crs/files/80_mod_security-crs.conf
@@ -0,0 +1,8 @@
+<IfDefine SECURITY>
+  # Add your custom CRS configuration here. A copy of upstream's
+  # crs-setup.conf.example is includes with the documentation of
+  # modsecurity-crs.
+
+  # Include the rules AFTER your custom configuration.
+  Include /usr/share/modsecurity-crs/rules/*.conf
+</IfDefine>
diff --git a/www-apache/modsecurity-crs/modsecurity-crs-3.3.4.ebuild b/www-apache/modsecurity-crs/modsecurity-crs-3.3.4.ebuild
new file mode 100644
index 0000000..4290447
--- /dev/null
+++ b/www-apache/modsecurity-crs/modsecurity-crs-3.3.4.ebuild
@@ -0,0 +1,43 @@
+# Copyright 1999-2022 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+inherit optfeature
+
+DESCRIPTION="OWASP ModSecurity Core Rule Set"
+HOMEPAGE="https://coreruleset.org/"
+SRC_URI="https://github.com/coreruleset/coreruleset/archive/v${PV}.tar.gz -> ${P}.tar.gz"
+S="${WORKDIR}/coreruleset-${PV}"
+
+LICENSE="Apache-2.0"
+SLOT="0"
+KEYWORDS="~amd64 ~x86 ~arm ~arm64"
+IUSE="+apache2"
+
+RDEPEND="apache2? ( >=www-apache/mod_security-2.9.6 )"
+
+DOCS=( CHANGES CONTRIBUTORS.md crs-setup.conf.example KNOWN_BUGS README.md )
+
+src_install() {
+	insinto "/usr/share/${PN}"
+	doins -r rules
+
+	einstalldocs
+
+	if use apache2; then
+		# I don't think it's worth pulling in apache-module.eclass just for
+		# this path...
+		insinto /etc/apache2/modules.d
+		doins "${FILESDIR}/80_mod_security-crs.conf"
+	fi
+}
+
+pkg_postinst() {
+	if use apache2; then
+		einfo "The CRS configuration file has been installed to:"
+		einfo "  ${ROOT}/etc/apache2/modules.d/80_mod_security-crs.conf"
+	fi
+
+	optfeature "apache-less installations, e.g. nginx" dev-libs/modsecurity
+}