Armin Abfalterer

icon indicating a website link www.united-security-providers.ch

icon company United Security Providers icon location Zurich icon location Cyber Defence Engineer/Architect with a commitment to developing robust security solutions and enabling customers to navigate the evolving threat landscape

Results 9 issues of Armin Abfalterer

segfault with assigned user id on OpenShift

1 comment

When running httpd on OpenShift, by default the server instance will run with an assigned user ID not appearing in the UNIX password file. There are several places in the...

enhancement
Platform - Apache
2.x
pr available

segmentation fault with httpd 2.4.54

8 comment

For regression testing we use a proprietary HTTP service that is able to simulate a CA authoritiy to mod_md. Since we have updated httpd to 2.4.54 we face segmentation faults...

oauth2 filter does not verify tokenEndpoint certificate where SNI is not set

7 comment

When activating TLS and explicitly specifying a _trusted_ca_ in the corresponding upstream cluster, the oauth2 filter does not check the server certificate for the correctness of the CA. In fact,...

bug
area/tls
stale
area/oauth

503 with fallback certificate on http-01 challenge verification request

3 comment

Hello, on a local test setup I'm using httpd-2.4.57 to integrate mod_md with [boulder](https://github.com/letsencrypt/boulder). The setup looks like this - integration of virtual host **acme-test.foo.com** on port 443 - no...

set exec path for enforce-sysctl-value-${qtitle} resource

Anti-Virus scanning of payload

2 comment

**Anti-Virus scanning of request payload** *Description*: For requests to be scanned, an outcall to an external serivce should be made and payload to be transfered to the specific endpoint. The...

enhancement
stale
area/http_filter

Adaptation of the log format of hot-restarter.py to the format of Envoy

6 comment

**Current Behavior:** The _hot-restarter.py_ script logs timestamps with a comma (,) separating seconds from milliseconds. ``` [2024-05-13 14:03:31,880][1][INFO][hot-restarter.py:210] starting hot-restarter with target: /usr/local/bin/start_envoy.sh [2024-05-13 14:03:31,880][1][INFO][hot-restarter.py:183] forking and execing new child...

version-change

Changed behavior with httpd/mod_security due outbound anomaly score resetting in v4.2.0

15 comment

#### Affected Products: - mod_security v2.9.7 with Apache httpd 2.4.58 - OWASP CRS v4.2.0 #### Description: Upgrading OWASP CRS from v3.3.5 to v4.2.0 in conjunction with mod_security on Apache httpd...

:heavy_plus_sign: False Positive
:hourglass_flowing_sand: awaiting feedback

update to CRS v4.5.0

This PR updates the CRS to the latest version v4.5.0