Ervin Hegedus

33 issues by Ervin Hegedus

Based on [this PR](https://github.com/coreruleset/nextcloud-rule-exclusions-plugin/pull/62#discussion_r1560613907) it seems that some engines (libmodsecurity3) allow the `&` sign with each variable (e.g. `REQUEST_BODY_LENGTH`) even if it makes no sense (what about Coraza?). Apache2 reports a...

**Describe the bug** It's not a bug but a discussion about a new feature: how can we extend the XML processing? There is a feature request from a customer that...

2.x

**what** Add PRs to `CHANGES`. **why** PRs weren't added during the merge process.

3.x
do not merge

**what** Add handling of the multipart header's "filename*" (asterisk at the end!) field. **why** mod_security2 (v2) does not handle the multipart header's "filename*" field, e.g. `Content-Disposition: form-data; name="file"; filename*=UTF-8''r%C3%A9sum%C3%A9.pdf`...

2.x

**what** Add PRs to `CHANGES`. **why** PRs weren't added during the merge process.

2.x
do not merge

**Describe the bug** Libmodsecurity3 produces a log (through a callback function, e.g. for Nginx) with an unusable `[hostname]` field. `[hostname]` always contains the IP address of the **server**, which has no informational...

3.x

A CVE was published on October 9 2024: [CVE-2024-46292](https://cve.mitre.org/cgi-bin/cvename.cgi?name=2024-46292). We wrote a blog post where we try to summarize what happened: https://modsecurity.org/20241011/about-cve-2024-46292-2024-october/ If you have any questions or want to...

3.x

**Motivation** There was an interesting question on Stack Exchange: https://security.stackexchange.com/questions/278445/why-is-put-request-not-allowed-by-default-in-owasp-coreruleset ("Why is PUT Request not allowed by default in OWASP CoreRuleSet"), and I couldn't find any relevant information (I...

:+1: Feature Request

**what** This PR changes the format of [utils::string::ascTime()](https://github.com/owasp-modsecurity/ModSecurity/commit/6248ac1c166b22f4de82680c5ceb26377d1d4e72#diff-e71d5c46f8ce20d4b7e76eb815fc9a3866ab8c854d62e54b9e2fa92bee98be13R77). The function is used in only one place, in [transaction.cc](https://github.com/owasp-modsecurity/ModSecurity/blob/6248ac1c166b22f4de82680c5ceb26377d1d4e72/src/transaction.cc#L1568), where it produces the field `time_stamp` if the audit log format is...

**Describe the bug** It seems like the `@rx` operator has a different behavior in the two engines (mod_security2 and libmodsecurity3). mod_security2 has these PCRE flags: [PCRE2](https://github.com/owasp-modsecurity/ModSecurity/blob/v2/master/apache2/re_operators.c#L990), [PCRE](https://github.com/owasp-modsecurity/ModSecurity/blob/v2/master/apache2/re_operators.c#L992); libmodsecurity3 has these ones:...

2.x