ModSecurity-nginx
ModSecurity-nginx copied to clipboard
owasp-modsecurity
ModSecurity v3 Nginx Connector
modsecurity: v3.0.7 The memory leakage problem of nginx reload has been fed back for several years, but the problem has not been effectively solved. Is this problem expected to be...
Modsecurity should reopen audit log on these two signals for proper logrotate operation.
Hi All, we have installed nginx 1.21.x with the latest version of nginx-connector + mod_security and we noticed that in some cases some POST requests are checked by mod_security but...
After hook glibc, there are some clear memory leak in modsecurity transaction. There are `pcre_malloc` and `pcre_free` in this module, so I hook all memory callback in msc_transaction, and finally...
# Format Variables ModSecurity-nginx provide times variables for particular phases that you can uses in nginx *log_format*: *$modsecurity_req_headers_phase_time* request headers processing time in seconds with a microseconds resolution; time elapsed...
In `error_page`, nginx would reset context. Then `modsecurity-nginx` cannot recovery from previous context. It will act like this: - phase 0 (connection) - phase 1 (request headers) - phase 2...
Pull request #241 attempted to fix the problem where the log handler was not called in case of internal redirects (e.g. when using error_page). The problem was that the log...
ModSecurity-nginx assumes `ngx_http_request_t.request_body` is never NULL and encounters a segfault when the `request_body` is in fact NULL. We have seen this happen when ModSecurity-nginx is used in conjunction with [lua-nginx-module](https://github.com/openresty/lua-nginx-module)....
This is a PR that uses SpiderLabs/ModSecurity#2304 to support audit log rotation when nginx reloads config or reopens log files. Thanks to @defanator for [providing a proof-of-concept](https://github.com/SpiderLabs/ModSecurity-nginx/issues/121#issuecomment-442416602)! I tested this...
This question is in relation to some troubles the downstream ingress-nginx project has with modsecurity: https://github.com/kubernetes/ingress-nginx/issues/8388 When conflicting modsecurity rules/settings are loaded, how is that conflict resolved? Is it always...
