ModSecurity-apache
ModSecurity-apache copied to clipboard
owasp-modsecurity
ModSecurity v3 Apache Connector
At the module startup we should have a banner to tell the version and everything else that may help during issue reporting process.
Using the latest libmodsecurity and ModSecurity-apache connector, section F of the audit log shows lots of duplicates. `---rs603yed---F-- HTTP/1.1 200 Connection: close Connection: close Connection: close Connection: close Connection: close...
Performance is a key element, specially in large deployments. We don't want the user to disappointed by the bad performance results after an upgrade. Notice however that the expectancy of...
In the past during the transition from ModSecurity 1 to ModSecurity 2, it was chosen to rename the module as mod_security2.so. Naturally the version 3 will be called mod_security3 and...
Use the Log Parser utility to make sure that results aren't different from version 2 to version 3. Use the OWASP version 3. The log parser utility is available here:...
Currently implementation is not looking into all phases that we current support on libModSecurity. It it mandatory to have it working on all the phases.
One of the ModSecurity logging features depending on write content on the webserver logging. In order to write in the webserver log, we need to create an wrapper/callback inside this...
ModSecurity apache connector is based on the ModSecurity version 2 module. The version 3 is using the same hooks of version 2, but for some reason the directories and locations...
Hello. Default SecAuditLogStorageDir = /opt/modsecurity/var/audit and all logs are written together, regardless of vhost. Is it possible to sort by vhost? /opt/modsecurity/var/audit/site1.com/ /opt/modsecurity/var/audit/site2.com/ ... Thx.
Hi, as modsecurity is now an OWASP project: are there any plans for ongoing/improved modsecurity apache httpd support? Will you continue to support modsecurity 2 or will this Modsecurity-apache module...
