martinhsv
Hello @Rtw915 , As part of your description, you raise CVE-2023-38199. I don't believe that is relevant to your situation. The use case there is that multiple Content-Type **request** headers...
Hi @Rtw915 , Usually the simplest way to view which response headers ModSecurity sees is to examine part F of the audit log. A good way to better understand what...
Hi @Rtw915 , If you add two Set-Cookie headers in the web page itself (using the technique that I linked to in my first reply), do you still only see...
Hello @marcstern , Could you please describe what problem this is intended to address?
So this is recording every finding, right? I'm a little hesitant about such expansive use of the tx.0, tx.1, ... special variables. Most operators that support capture use only tx.0...
Hi @marcstern , I assume this is meant to address this issue that you raised?: https://github.com/SpiderLabs/ModSecurity/issues/2472
Hi @theMiddleBlue , Another option could conceivably be to structure the exclude as a regex. E.g. something like:
```
/^(json\.)?foo\.((foo|array_0)\.)bar$/
```
Just doing a quick check with v3, it looks...
Hi @marcstern , There are a couple of ways to work around that current limitation: 1) It is often possible to rework a regular expression by using posix character classes...
Hi @marcstern , Whether there is a fully-functional workaround or not, a change can always be considered. But I'm not entirely clear on what you are proposing. Could you describe...
Hi @borisovdmitrii , There isn't really a great way to override what the rule has specified to write. You could remove that entire portion of the log output with something...