ModSecurity
ModSecurity copied to clipboard
owasp-modsecurity
ModSecurity is an open source, cross platform web application firewall (WAF) engine for Apache, IIS and Nginx. It has a robust event-based programming language which provides protection from a range o...
**Describe the bug** Building fails with these two errors related to APR: ``` config.c: In function ‘process_command_config’: 08:40:49 [85/3634] config.c:1107:60: error: passing argument 1 of ‘apr_filepath_root’ from incompatible pointer type...
**Describe the bug** I find a problem about proxy action. If access a specified webpage file, such as "http://a.com/a/index.html", it can be successfully forwarded. If access a directory, such as...
Hi, I'm running the official owasp/modsecurity-crs:nginx container with latest CRS version 4.3 and libmodsecurity3 version 3.0.12, I added this rule to my REQUEST-900-EXCLUSION-RULES-BEFORE-CRS.conf file: ``` SecRule REQUEST_FILENAME "!@pmFromFile webapp_endpoints.data" \...
Removed code for SecStatusEngine. Directives is still allowed but ignored.
All credits to @arminabf - see https://github.com/owasp-modsecurity/ModSecurity/pull/1997 Use the server context, like in all other places to use standard httpd format
Log audit lock name in case of problem. Systematically log problems in update_rule_target_ex(). Fix some memory leaks in update_rule_target_ex().
## what - The previous approach would create a `std::unique_ptr` and store it in a `std::list` in `VariableValue`'s `Origins`. - The new approach stores `Origins` in a `std::vector` and constructs...
** Description of the bug ** On modsecurity v3 and OWASP CRS 4.x there are a lot of password rule matching and we notice the password printed into the modsecurity...
## what Update third-party dependencies (included in `others` directory): libinjection & Mbed TLS. ## why The versions included in ModSecurity have not been updated in a while: - libinjection currently...
Metadata
Owner
Metadata
ModSecurity is an open source, cross platform web application firewall (WAF) engine for Apache, IIS and Nginx. It has a robust event-based programming language which provides protection from a range o...