ModSecurity

ModSecurity copied to clipboard

Build fails because of missing `library/base64.c` when using Mbed TLS 4.x — Is support planned?

2

Hello ModSecurity team, First of all, thank you for your excellent work on ModSecurity (v3 / libmodsecurity) — it’s a great WAF library. I attempted to build ModSecurity v3 against...

TheophileDiot

Event message with description "Invalid function" in the Windows Application Event Log

13

**Describe the bug** Confused ModSecurity event message in the Windows Application Event Log. **To Reproduce** 1. Install [ModSecurityIIS_2.9.7-64b-64.msi](https://github.com/owasp-modsecurity/ModSecurity/releases/download/v2.9.7/ModSecurityIIS_2.9.7-64b-64.msi) 2. Configure ModSecurity for the website 3. Open website in a browser...

skvoboo-gh

Question: how is setenv supposed to work in ModSecurity 3.0.x

3

Hi, In the documentation under **setenv** there is a sentence `Description: Creates and updates environment variables that can be accessed by both ModSecurity and the web server.` I have rule...

duckasylum

Sanitizer reports (ASAN, UBSAN)

1

Compilation flags: * -fsanitize=address * -fsanitize=undefined gcc (Debian 12.2.0-14+deb12u1) 12.2.0 g++ (Debian 12.2.0-14+deb12u1) 12.2.0 ModSecurity v3.0.14 (https://github.com/owasp-modsecurity/ModSecurity/releases/tag/v3.0.14) Reproduce: I can't describe the exact process, it's done by a script that...

chenuduss

Performance issues with ModSecurity2/Alpine/PCRE2

5

**Describe the bug** When using PCRE2 instead of PCRE1 there is a significant performance loss with ModSecurityV2 on Alpine Linux compared to Debian. A ModSec2 installation with Apache on Alpine...

as-rail

2.9.12 installer

2

Please will you release a windows installer for 2.9.12

perlsol

Stack overflow in pcre.dll

10

**Describe the bug** ``` Log Name: Application Source: Application Error Date: 20/08/2025 7:23:13 PM Event ID: 1000 Task Category: (100) Level: Error Keywords: Classic User: N/A Computer: dev.synrg.com.au Description: Faulting...

skvoboo-gh

High RAM Usage with Concurrent Logging Mode in ModSecurity

2

### Description I am experiencing an issue where my application consumes a high amount of **RAM** when using the **Concurrent Logging** mode in ModSecurity. The memory usage increases gradually over...

SonNgo2211

Recommended rule 200005 misses MSC_PCRE_LIMITS_EXCEEDED in phase 2

2

**Describe the bug** The recommended rule [200005](https://github.com/owasp-modsecurity/ModSecurity/blob/v2.9.11/modsecurity.conf-recommended#L106-L112) runs too early to catch most `MSC_PCRE_LIMITS_EXCEEDED` flags that happen in phase 2. **Logs and dumps** - **To Reproduce** - **Expected behavior** The...

studersi

request on iis with more than 999 characters single value in cookie are getting blocked and no specific rule to fix

1

using owasp mod security on iis version 2.9.7, after june update the following bug started to happen requests with a single cookie variable value of longer than 999 characters are...

HumanUndead