Christian Folini
Update from the OWASP ModSecurity Core Rule Set project: * We have shifted all rules that can run in phase 1 into phase 1 for the v3.4/dev branch * We...
@zimmerle I get the feeling the proposed change / solution for this regression is trying to do things in an intransparent way, kind of outsmarting the user. That usually leads...
@xiangwang1: In the prefiltering mode, is the construction of the superset of matches automatic, or is this pattern something that a user needs to provide? If it's automatic, does...
That would be highly welcome. We are observing the way PCRE1 becomes obsolete and would welcome a shift to PCRE2 for ModSec 2.9.
Thank you for your interest. In fact we have now 3 GSoC students interested in this one here.
The GSoC project around this was successful. A blog post is pending. The system is not production ready yet, though. This is likely to come after CRS4.
Let me add my two cents. 920271 is a paranoia level rule. That means false positives can happen. 920271 also does URLDecoding. `%123` is thus `%12` + `3`. Now %12...
> modsec 3.x allows for SecRuleRemoveById xxxxx directly in crs.conf, but doesn't honor them

This is probably loaded before the rule is declared. Config-time rule exclusions need to be declared...
You may want to take a closer look at my ModSec tutorials on https://www.netnea.com/apache-tutorials/. There is also a cheat sheet that is meant to prevent exactly this error (which happens...
### CRS Bug Bounty PR assessment

* **Rules affected** (list rules): 931130
* **Paranoia Level addressed** (1, 2, 3, 4, full or explain): 2
* **FTW passes** (yes or no)...