ModSecurity-apache icon indicating copy to clipboard operation
ModSecurity-apache copied to clipboard

Published 20 hours ago verified publisher icon owasp-modsecurity

Smallfixes

Open airween opened this issue 6 years ago • 2 comments

With these commits, the Apache passes all CRS (3.1) regression tests (with patched libmodsecurity3).

airween avatar Mar 11 '19 21:03 airween

Hi @airween,

You mentioned that it depends on the patched libModSecurity. Do you mind to share the exact patches that you are referring to?

zimmerle avatar Apr 03 '19 01:04 zimmerle

Hi @zimmerle

there is one bug in libmodsecurity3, what I couldn't fixed yet. In the tests what I referred above, I've used a quick and dirty workaround for some CRS rule. I need some time to finish that.

Any other patches are shared, most of them are merged :).

Note, that these fixes are independents of the libmodsecurity3 and those patches.

Finally, the ec098a isn't complete yet too (the process_intervention() missing when msc_process_request_body() called, but with it the response will always HTTP 400, no matters what is in the rule, eg. 403 or something other...).

Summarize: I think these collection won't spoil the Apache connector :), and I guess this way is right to make it better.

airween avatar Apr 03 '19 06:04 airween