coreruleset
OWASP CRS (Official Repository)
### Description An XML containing the following XSS is not flagged as an attack. Ignored up to PL4: ``` $ curl -H "x-crs-paranoia-level: 4" -H "x-format-output: txt-matched-rules" -H "x-backend: apache" -H...
Hi, I have tried to exclude the string _**scrip%u0074**_ from blocking. I added SecRule BEFORE the rules (../rules/*.conf) or SecRuleUpdateTargetById AFTER the rules (../rules/*.conf) and SecRuleUpdateTargetById AFTER the rules (../rules/*.conf),...
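The two placement rules the report above refers to, as an added illustration that is not part of the issue text or of CRS itself: a `ctl:` exclusion via `SecRule` only takes effect if it runs before the CRS rules are loaded, while `SecRuleUpdateTargetById` only works once the rule it modifies already exists, so it must come after them. The parameter name `comment`, the rule IDs `941100`, `1001` and the path `/api/post` are assumptions chosen for the example; both directives exclude a target (an argument) from a rule rather than whitelisting a particular string.

```apacheconf
# Added example (not CRS code). Assumes the false positive is on rule 941100
# and the offending input arrives in ARGS:comment under /api/post (all assumed).

# Option A: runtime exclusion. Must be placed BEFORE the CRS rules are
# Include'd (the REQUEST-900-EXCLUSION-RULES-BEFORE-CRS.conf slot), because
# the ctl action is evaluated per request in phase 1, before 941100 runs.
SecRule REQUEST_URI "@beginsWith /api/post" \
    "id:1001,\
    phase:1,\
    pass,\
    nolog,\
    ctl:ruleRemoveTargetById=941100;ARGS:comment"

# Option B: configuration-time exclusion. Must be placed AFTER the CRS rules
# (the RESPONSE-999-EXCLUSION-RULES-AFTER-CRS.conf slot), because the directive
# edits rule 941100 at load time and fails if that rule does not exist yet.
# It is unconditional: ARGS:comment is never inspected by 941100 on any URI.
SecRuleUpdateTargetById 941100 "!ARGS:comment"
```

Option A is the one to use when the exclusion should be scoped to a path or other request property; Option B is cheaper but applies everywhere. Putting either directive on the wrong side of the CRS `Include` is the most common reason an exclusion appears to have no effect.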
### Description I'm currently adding plugins to a WordPress web server. The WordPress has a theme, several plugins related to the theme, and a custom plugin. I had ModSecurity's old...
There have been many reports of false positives with the 932260 family of rules, many of these stem from invalid commands being matched (such as idendity matching id). This pr...
I have a nextcloud configured nginx server with crs set up and the nextcloud exclusions enabled by `setvar:tx.crs_exclusions_nextcloud=1` However, when I try to click the "share" icon on any file...
I found TONS of ways to bypass rule `942380` and some of them were extremely easy (for example using `\s` instead of `\s+` in regex). We are now able...
### Description This is very similar to #3721. The word "left" can trigger false positives. An example is "Take a left (1 mile)". ### How to reproduce the misbehavior (->...
### Describe the bug Since the official CRS Docker containers were modified recently to no longer support `root` by default, the testing in the CRS repo is broken out of...
[`930110-7` test](https://github.com/coreruleset/coreruleset/blob/67a4d5e5b93d9b4067970d2dc712b6eac83214af/tests/regression/tests/REQUEST-930-APPLICATION-ATTACK-LFI/930110.yaml#L107-L122) is performed with `uri: "/get/.."` and the expected outcome is to not match the `930110` rule. According to the `930110` [description](https://github.com/coreruleset/coreruleset/blob/626522276e72dedf6015414171b772c9699d0355/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf#L60) this is actually a pattern that we are...
Rule `944110` is matching the same variables in both main and chained rules. This is: 1. Not required. 2. Ineffective. 3. Possibly creating more FPs. The list of variables in the...
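The shape of the problem described above, as an added example that is not the text of rule `944110` and not code from the issue: in a chain, the second `SecRule` only runs after the first has matched, but it still scans every variable in its own target list from scratch. Repeating the full list in the chained rule re-inspects variables that did not match the first pattern, which is where the extra false-positive surface comes from. The rule IDs `1002`/`1003`, the patterns `foo`/`bar` and the use of `MATCHED_VARS` as the narrowing mechanism are assumptions made for the illustration, not the fix the issue proposes.

```apacheconf
# Added example (hypothetical rule IDs and patterns). Both rules deny when
# one request variable contains "foo" and a request variable contains "bar".

# Pattern being reported: the chained rule repeats the parent's target list,
# so after "foo" matched in, say, ARGS:x, the second rule scans ALL of
# ARGS, REQUEST_COOKIES and REQUEST_HEADERS again for "bar". A harmless
# header containing "bar" is enough to complete the chain.
SecRule ARGS|REQUEST_COOKIES|REQUEST_HEADERS "@rx foo" \
    "id:1002,\
    phase:2,\
    deny,\
    log,\
    chain"
    SecRule ARGS|REQUEST_COOKIES|REQUEST_HEADERS "@rx bar"

# Narrower alternative (one option, assumed here): MATCHED_VARS holds only
# the variables that matched the parent rule, so "bar" must appear in the
# same variable that contained "foo". Variables the parent did not match are
# not re-scanned.
SecRule ARGS|REQUEST_COOKIES|REQUEST_HEADERS "@rx foo" \
    "id:1003,\
    phase:2,\
    deny,\
    log,\
    chain"
    SecRule MATCHED_VARS "@rx bar"
```

Whether the chained rule should look at the same variable or at a related one (for example `MATCHED_VARS_NAMES`) depends on what the rule is trying to correlate; the point is that the chained target list should be chosen deliberately rather than copied from the parent.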