Christian Folini
Christian Folini
Assigning this to @fzipi.
Very interesting case. Very good you bring this up @ne20002. Sorry for the inconvenience. It is something somebody should have caught pre-release but if we fix in the next few...
Very, good. I see what is going on now. I dare say CrowdSec is not doing this in a very smart way. Making CrowdSec making good use of ModSec and...
@ne20002 Thank you for the followup. I do not get this, though. You quoted the following logline above: ``` ModSecurity: Warning. Matched "Operator PmFromFile' with parameter unix-shell.data' against variable ARGS:exec'...
Hey @LaurenceJJones, thank you for joining the discussion. I'm sure we can sort this out to make things run smoothly for CrowdSec users. Trying to recreate the logging situation locally...
OK. So this is not what I expected to find. The logging on the official CRS Nginx container (`nginx-alpine`) is as described as above. Request: `curl localhost:8080 --data "exec:/bin/bash" -H...
Here what I did: ``` host $ docker buildx bake -f docker-bake.hcl --set "*.platform=linux/amd64" --load nginx-alpine ... host $ docker run -ti --rm --name crs owasp/modsecurity-crs:nginx-alpine & ... host $...
@theseion : In @LaurenceJJones 's screenshot above, there is a nonblocking 932160 alert on loglevel `error`. In your dump, though, there is `2024/03/11 18:17:22 [info] 105#105:` for the blocking rule...
That's my gut feeling as well. And I would be pleased if somebody with more docker FU than me (I'm like the least docker-experienced person you can think of) would...
OK, we getting near the bottom now. This very close to the desired behavior now. I am not using ModSec3 myself and on ModSec2 / Apache everything is on level...