ModSecurity

ModSecurity is an open source, cross platform web application firewall (WAF) engine for Apache, IIS and Nginx. It has a robust event-based programming language which provides protection from a range o...

Results 300 ModSecurity issues

Currently, I am using Nginx + ModSecurity v3. I want to create a rule that filters double quotation mark characters using a non-regex operator. Pattern: ``not "redirect" to`` I write the...

bug
3.x

I'm encountering an issue where the severity in ModSecurity audit logs is shown as a numeric value (e.g., "severity": "2") instead of the string defined in the rules (e.g., "severity":...

3.x

A CVE was published on October 9 2024: [CVE-2024-46292](https://cve.mitre.org/cgi-bin/cvename.cgi?name=2024-46292) We wrote a blog post where we try to summarize what happened: https://modsecurity.org/20241011/about-cve-2024-46292-2024-october/ If you have any questions or want to...

3.x

**Describe the bug** I am trying to enable allowing a specific SSL certificate. I already set rules inside /etc/nginx/modsec/rules/ssl-client_certifcate.conf and also configured nginx to take this certificate. I am able to...

3.x

**Describe the bug** The limit `SecArgumentsLimit` is inconsistently used and documented. | | v2.9.8 | v3.0.13| |--|:--:|:--:| | Supported (code) | [x](https://github.com/owasp-modsecurity/ModSecurity/blob/v2.9.8/apache2/apache2_config.c#L2131-L2153) | ? (could not find it in source...

2.x
config

**Describe the bug** I'm using mmdb to block countries from my website and it works fine until I reload my nginx server and I start getting the message "Database is...

enhancement
3.x
workaround available

**Describe the bug** The ModSecurity log entries show operators and parameters enclosed in backticks (`), while variable names and data values are enclosed in single quotes ('). For example: -...

3.x

I am using the `@rbl xbl.spamhaus.org.` rule for protecting my Fediverse server and I face the issue that with the latest version of either ModSecurity or the docker.io/owasp/modsecurity-crs:nginx container the collection handling...

3.x

Hi, I have a question about the exact intended semantics of MATCHED_VARS / MATCHED_VARS_NAMES. The [documentation](https://github.com/owasp-modsecurity/ModSecurity/wiki/Reference-Manual-(v3.x)#matched_vars_names) is a little bit vague with > Similar to MATCHED_VAR_NAME except that it is...

Hi! After updating ModSecurity to version 3.0.14, the audit log files are no longer written. With a debug log configured, I just see a Cannot save the audit log: file...

3.x