ModSecurity

ModSecurity is an open source, cross platform web application firewall (WAF) engine for Apache, IIS and Nginx. It has a robust event-based programming language which provides protection from a range o...

Results 300 ModSecurity issues

Transaction JSON log of "reference" is too verbose for some rules. There is a limit for "ref" field in "standard" log. file: **rule_message.cc** ``` ... msg.append(" [ref \"" + utils::string::limitTo(200,...

3.x

The complete 'if (...) {...}' construction can be removed because the same code is executed immediately after the 'if (...) {...}' construction. When the condition evaluates to true, the same...

3.x

Hello, I'm having an issue with Modsecurity 2.9 (it is installed on a Plesk server, latest version with latest updates). On every single visit I got a register with that 2...

2.x

The following block triggers an error in v3 (nginx): ``` SecRule REQUEST_FILENAME "@unconditionalMatch" \ "id:888888,\ phase:1\ chain" SecRuleScript test.lua "nolog" ``` The error is: ``` nginx: [emerg] "modsecurity_rules_file" directive Disruptive...

bug
3.x

Hi @airween, I'm trying to install modsecurity3 latest for nginx from sid. Apparently there is a minor fix in 3.0.12 leading to a version 3.0.12-1.1. However this fix has...

3.x

**Describe the bug** Unable to get json logs for Modsecurity in K8s ingress-nginx even after setting `SecAuditLogFormat: JSON`. I am setting `SecAuditLogFormat: JSON` and I want that the logs should...

3.x

I'm rewriting my PR for NULL pointer checks. In most places, it's as basic as adding "if (ptr != NULL)" but I tried to optimize it a bit. There are...

2.x
help wanted

The goal of this PR is to enforce YAJL being a mandatory dependency during configuration and simplify the codebase. Work on this PR originated in discussions about mandatory dependencies in...

Return of msc_regexec() compared with PCRE_ERROR_NOMATCH (!=) to check if match. Other errors may happen that would return -2, -3, ... Matching would be incorrectly set in this case. We...

## what - remove usage of tmpnam - apr has primitives for file handling and unique name creation ## why - tmpnam is considered unsafe ## drawbacks - static memory...