ModSecurity
ModSecurity copied to clipboard
owasp-modsecurity
ModSecurity is an open source, cross platform web application firewall (WAF) engine for Apache, IIS and Nginx. It has a robust event-based programming language which provides protection from a range o...
Hi all, I tried to analyze this issue and propose a possible fix using an AI-assisted approach. For transparency: I am not a professional programmer, and this contribution is meant...
There is a funny behavior in the 2.9.x release line that I discovered yesterday. ModSec 2.9.x has a habit of writing a prefix into the error log: `[client ] ModSecurity:...
Hello, This issue followed this PR : https://github.com/coreruleset/coreruleset/pull/4347 and this comment : https://github.com/coreruleset/coreruleset/pull/4347#issuecomment-3556322624 `Since we cannot rely on REQUEST_BODY (and therefore not on REQUEST_BODY_LENGTH, which depends on REQUEST_BODY) for this...
This is a potential fix to https://github.com/owasp-modsecurity/ModSecurity/issues/2848 It was AI generated by Google AI Studio Here are it's workings: Based on the Valgrind output and the provided code, the memory...
ModSecurity 3.0.14 ``` Initializing ModSecurity and RulesSet... Rules loaded successfully. Attempting to initialize ModSecurity collections via temp Transaction... Collections initialization attempt completed. __AFL_INIT()... __AFL_INIT() done. Entering __AFL_LOOP... Processing transaction with...
## what Range based for loops with references are already used in this project, but in a few places not. I am not sure why. I changed this code locations...
Unfortunately the `RBL` operator returns the originally IP on match, but not the "real" response. This means, that this operator only could be used on a boolean base like "If...
To integrate the ModSecurity 2.x with HAProxy, I compiled the standalone/ . It compiles successfully, but when linked with SPOA published at https://github.com/haproxy/spoa-modsecurity/ link phase fails with: ``` LANG=C make...
## what This PR fixes the last broken regression test and adds the whole regression test workflow to GH CI. ## why The regression tests were almost finished, now I...
Hi, On Amazon Linux 2023 (AArch64) using ModSecurity v2.9.12 with Apache 2.4.65, audit logs fail to write even with valid configuration and writable path. Debug logs report: `[15/Oct/2025:13:55:40.259888 +0200] [10.104.19.109/sid#aaaae39e0938][rid#ffff18026b80][/health/status][4]...
Metadata
Owner
Metadata
ModSecurity is an open source, cross platform web application firewall (WAF) engine for Apache, IIS and Nginx. It has a robust event-based programming language which provides protection from a range o...