ModSecurity

ModSecurity is an open source, cross platform web application firewall (WAF) engine for Apache, IIS and Nginx. It has a robust event-based programming language which provides protection from a range o...

Results 300 ModSecurity issues

The official docs for modsecurity 2.x and 3.x for both `SecRuleUpdateActionById` and `chain` are errant. They lead to errant rule writing and/or exposing underlying modsecurity bugs. I request clarification/rewrite of...

2.x
3.x
documentation

**Describe the bug** `REQUEST_FILENAME` variable is not getting correctly set in `Transaction::processURI()` **To Reproduce** Steps to reproduce the behavior: 1. Create a new `Transaction` variable, defined in [transaction.h](https://github.com/SpiderLabs/ModSecurity/blob/v3/master/headers/modsecurity/transaction.h) 2....

3.x

**Describe the bug** When response code is changed during phase 4 and the original response code is other than 200, Apache httpd does not execute ErrorDocument directive and bad response...

bug
Platform - Apache
2.x

When, instead of restarting nginx, one performs a `reload` of the configuration, memory may leak. The memory leaks are not large per reload, but if doing so frequently, the free...

Platform - Nginx
3.x

Hello! I'm trying to set up ModSecurity but I'm dealing with issues when uploading large files. At first I had issues uploading files so I set `SecRequestBodyAccess` to `Off`, which is...

3.x

The MULTIPART_UNMATCHED_BOUNDARY currently is set to 2 any time there is more than one boundary found in the request, even if all the boundaries were matched. This change makes it...

3.x

The build system should not directly use the `.libs` directory which is intended for internal use by the libtool implementation. Additionally, when linking with an internal library the `.la` file...

**Describe the bug** `m.getvars("XML")` returns null **To Reproduce** 1. set up modsecurity
```
docker run -ti --rm -p 8083:80 -e ERRORLOG=/tmp/nginx_error.log -e MODSEC_DEBUG_LOG=/tmp/debug.log -e MODSEC_AUDIT_LOG=/tmp/audit.log -e BACKEND=http://10.56.58.13:8888 docker.io/owasp/modsecurity-crs:3.3.5-nginx-alpine-202401080101
```
replace BACKEND...

Providing a basic benchmark report graph for performance recording.

I am using IIS Application Request Routing (ARR) with ModSecurity. ModSecurity is installed and configured with the OWASP Core rule set on Windows 2022. I am trying to improve the...

Platform - IIS