Christian Folini

Results 509 comments of Christian Folini

Well, up to 2.9.7 I got

```
[2025-12-02 11:46:39.609045] [security2:error] 127.0.0.1:48024 aS7Djwp_d4rQSzSzUpsP1wAAAAE [client 127.0.0.1] ModSecurity: Warning. ...
```

That is the client IP without the port number. And I do...

Maybe the problem is Apache not giving an option to write the IP address without the port number in the error.log. I'd probably keep it as is for the time...

Yes, that's probably the most reasonable thing one can do right now.

This is one of a handful of rules that fail on random input because their minimal patterns are relatively short. We could move them to a higher paranoia level or...

Thanks for your understanding. And sorry for being of little assistance here. But please keep reporting false positives. Very often, we just don't know about them. This time, the situation...

If I remember correctly, Apache waits for connections to be closed or whatever. I do not think it sends a RST or something, but it really waits. So if it's...

Do you see users splitting rules so they can exclude some of the patterns, but not all, as part of their local integration? I would argue that only PROs with...

These insights are very interesting. Thank you.

What is your threat model? Logviewer injection? Do you really think a Remote-IP header could be used for an XSS in reality? And we should block that at PL1? (Outside...