ModSecurity
ModSecurity copied to clipboard
owasp-modsecurity
ModSecurity is an open source, cross platform web application firewall (WAF) engine for Apache, IIS and Nginx. It has a robust event-based programming language which provides protection from a range o...
`yajl` library has been unmaintained upstream[1] since 2015. Last published release contians multiple CVEs (CVE-2023-33460, CVE-2022-24795, CVE-2017-16516) and fixes have had to be carried by downstream distributions and third parties....
**Describe the bug** We are missing transaction logs for some of the blocked requests. **Logs and dumps** 188#188: *3490527 [client my.ip] ModSecurity: Access denied with code 403 (phase 2). Matched...
ModSecurity version (and connector): ModSecurity v3.0.13 with nginx-connector v1.0.3 WebServer: nginx-1.27.2 OS (and distro): alpine:3.20.3 # Description I am trying to implement custom HTTP status codes for deny actions across...
libModSecurity3: requests are blocked when `SecRequestBodyNoFilesLimit` is set to a very high value
**Describe the bug** When `SecRequestBodyNoFilesLimit` is set to a very high value, all requests get incorrectly blocked as being too large. This does not happen on Apache. **Logs and dumps**...
**Describe the bug** When we want to upload a huge file (>2GB) to a remote web site (Artifactory in our case) , our http client hangs indefinitely. However, the file...
# Feature libModSecurity3 supports the use of transaction collection variables as an value when using the ipMatch operator, this isn't the case for ModSecurity2. For example. these rules work on...
**Describe the bug** The latest version of nginx, I built my own docker image and used GitHub workflow to automatically execute it. Turning on modsecurity in the newly built nginx...
ModSecurity does not recognize the Host header when using HTTP/3. I believe I have the correct versions of ModSecurity, the connector, and the rules. Is any custom configuration necessary to...
I cannot seem to compile LibModSecurity for windows 32-bit i have tried to no avail, i did manage to compile x64 with no problems through conan, but my application requires...
Hey, Even though I made all the installations perfectly, the load module part I added to the conf configuration does not work at all. ``` **ldd** = libcurl-gnutls.so.4 => /lib/x86_64-linux-gnu/libcurl-gnutls.so.4...
Metadata
Owner
Metadata
ModSecurity is an open source, cross platform web application firewall (WAF) engine for Apache, IIS and Nginx. It has a robust event-based programming language which provides protection from a range o...