ModSecurity
ModSecurity is an open source, cross platform web application firewall (WAF) engine for Apache, IIS and Nginx. It has a robust event-based programming language which provides protection from a range o...
I can't find flags for test utilities inside configure flags with configure --help. I want to compile benchmark.cc inside the test/benchmark directory for some tests, and --with-pcre2=path-to-my-optimized-lib is not working as expected. configure...
Dear ModSecurity Team, I am a student of cyber security, and I recently conducted an evaluation of open-source Web Application Firewalls (WAFs) as part of my research. Among the WAFs...
**Describe the bug** In the readme, there's advice for
```
$ cd test
$ ./regression-tests
$ ./unit-tests
```
The second line should be `$ ./regression_tests` (underscore not dash), but I...
Hello, I'd like to use AFL Fuzzer within ModSecurity. Sadly AFL doesn't come with my Operating System so I've to compile it myself with AFL by Google and AFLPlusPlus by...
Hello, It might be impossible, but if someone has some time to spare, your help would be greatly appreciated. We are currently working with the following payload: PD94bWwgdmVyc2lvbj0iMS4wIiA/PjwhRE9DVFlQRQoKd2JsUXRnTFJZCQkJCVsgPCFFTEVNRU5UIHdibFF0Z0xSWSBBTlk+PCFFTlRJVFkKDQoNCg0lCg1GcXhaWUxQIFNZU1RFTQoNCg0KDQoNCg0iZmlsZTovLzBwMEdUbTk0M0lCMjhyTiI+ICVGcXhaWUxQOyAlRVVBaGFYSFk7IF0+PHdibFF0Z0xSWT4mcEtCcGJXbDs8L3dibFF0Z0xSWT4= This is...
# Feature: libModSecurity3 currently does not support adjusting the `requestBodyLimit` and `requestBodyNoFilesLimit` values via a runtime rule, however this feature is supported in ModSecurity2. I should be able to adjust...
Is there a way to increase the SecPcreMatchLimit for a specific file? Our Application has an API which receives very large amounts of data and I only want to increase...
Transformation `hexDecode` should not allow badly encoded inputs, or documentation should be updated
**Describe the bug** This comes from this discussion: https://github.com/corazawaf/coraza/issues/1253. Technically, there is one test that accepts a string that could not be generated by `hexEncode`. 👉 Is this the expected...
Hello, ModSec version is 2.7.3, used with IBM HTTP server. We have a scenario. We use configuration like below.
```
SecRule REMOTE_ADDR "@ipMatchFromFile /etc/opt/cpf/conf/modsecurity_whitelist" "id:250000004,phase:1,nolog,allow"
SecRule REMOTE_ADDR "@ipMatchFromFile /etc/opt/cpf/conf/modsecurity_whitelist" "id:250000005,phase:5,nolog,skipAfter:WHITELIST_NOLOG"
```
ISSUE:...
**Describe the bug** Hi, we found that installing ModSec 2.9.7 on an application server is breaking our Test Execution Framework tests. A parent site is accessible no problem https://ab1.testsite.com...