ModSecurity
ModSecurity copied to clipboard
owasp-modsecurity
ModSecurity is an open source, cross platform web application firewall (WAF) engine for Apache, IIS and Nginx. It has a robust event-based programming language which provides protection from a range o...
Using Modsecurity 2.9.3 with IIS and OWASP-CRS in combination with IPv6, the IPv6 address does not show up in remote_address and thereby always false-positive. Auditlog: `{"transaction":{"time":"24/Dec/2018:10:29:11 +0100","transaction_id":"17221764977212260572","remote_address":"","remote_port":80,"local_address":"127.0.0.1","local_port":80},"request":{"request_line":"GET / HTTP/1.1","headers":{"Connection":"keep-alive","Content-Length":"0","Accept":"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8","Accept-Encoding":"gzip, deflate","Accept-Language":"nl,en-GB;q=0.7,en;q=0.3","Host":"inter.testipv6.waf","User-Agent":"Mozilla/5.0...
This is related with feature request https://github.com/SpiderLabs/ModSecurity-nginx/issues/121 > Modsecurity should reopen audit log on these two signals for proper logrotate operation. As noted at https://github.com/SpiderLabs/ModSecurity-nginx/issues/121#issuecomment-420619429, we could leverage a similar...
I'm developer of WAF. My product can update its rules on the fly while running. I ran tests loading a large set of rules in a separately launched appication (custom...
**Describe the bug** Both ModSecurity 2, ModSecurity 3 as well as Coraza are translating U+062F and U+D8AF to slash leading to a false positive with the CRS path traversal rule...
**Describe the bug** I using modsecurity v3.0.13 with nginx 1.26. After running one day, memory over to 90%. I using valgrind monitor memory. Below log of valgrind: ==300601== LEAK SUMMARY:...
**Describe the bug** It seems like the `@rx` operator has a different behavior in two engines (mod_security2 and libmodsecurity3) mod_security2 has these PCRE flags: [PCRE2](https://github.com/owasp-modsecurity/ModSecurity/blob/v2/master/apache2/re_operators.c#L990), [PCRE](https://github.com/owasp-modsecurity/ModSecurity/blob/v2/master/apache2/re_operators.c#L992) libmodsecurity3 has these ones:...
I came to this repository from https://github.com/coreruleset/coreruleset/pull/3858#issuecomment-2460385037. With that pull request, the [OASIS OData Technical Committee](https://groups.oasis-open.org/communities/tc-community-home2?CommunityKey=e7cac2a9-2d18-4640-b94d-018dc7d3f0e2) had asked for content type `multipart/mixed` to be included in the [list of allowed...
**How to use SecRuleUpdateActionById directive to change action of multi rule id ?** When i use ```SecRuleUpdateActionById 70050015 "pass"``` -> It's work But ```SecRuleUpdateActionById 70050014-70050016 "pass"``` -> Not work
```C /* * ModSecurity, http://www.modsecurity.org/ * Copyright (c) 2015 - 2021 Trustwave Holdings, Inc. (http://www.trustwave.com/) * * You may not use this file except in compliance with * the License....
I have multiple ipsets the /24 is having around 50k entries. I was thinking of not dropping or rejecting this traffic. But redirecting it to a page. Sort of what...
Metadata
Owner
Metadata
ModSecurity is an open source, cross platform web application firewall (WAF) engine for Apache, IIS and Nginx. It has a robust event-based programming language which provides protection from a range o...