azurit

Results 279 comments of azurit

@catharsis71 Unfortunately, this isn't as easy as it may seem. WordPress has tons of plugins and themes. To put this into perspective: I'm running a web hosting service where...

@Danrancan Never exclude rules 949* because this will completely disable the firewall (these are the blocking rules). The rest of the exclusion rule looks ok.

Modsec is doing something wrong while URL decoding. I tested with this rule: ``` # This condition is here only to filter my request to a specific host SecRule SERVER_NAME...

@theseion Rule `942210` matches the payload from the test above with data `pay=1 OR 2+`, but the test is still using `no_log_contains`. It passes (rule `942210` is not triggered) because modsec seems...

@theseion But it is strange that `+` at the end is removed. Why is it ~~removed~~ replaced with a space? This is the data which modsec receives: `pay%3D1+OR+2%2B` URL decode...

Didn't know modsec is automatically URL decoding `ARGS` and `ARGS_NAMES`; found this in the docs for `t:urlDecode`: `The transformation function should not be used against variables that have already been...

In fact, by doing URL decode twice, we are potentially opening lots of holes in the firewall, like the one in the test above: we are simply not detecting...