ModSecurity
ModSecurity is an open source, cross platform web application firewall (WAF) engine for Apache, IIS and Nginx. It has a robust event-based programming language which provides protection from a range o...
Debian is taking steps to remove `xml2-config` in the current development cycle. ModSecurity uses `xml2-config` to find the libxml2 include paths and linker flags. This patch uses `pkg-config` to find...
As listed at #715 the Sanitize actions are not yet working on v3. https://github.com/SpiderLabs/ModSecurity/wiki/Reference-Manual-%28v2.x%29#sanitiseArg
When I use collection 'IP', the variable in collection never expires even if I restart nginx. The variable in collection expired unless I remove the files: `modsec-shared-collections` `modsec-shared-collections-lock` on disk,
**Describe the bug** I want to analyse POST body content but I don't want to print any POST body content (or any actual data snippets from the request, such as...
**Describe the bug** If the url path contains %3f, cannot get real `REQUEST_FILENAME`. **Logs and dumps** ``` ModSecurity: Warning. Matched "Operator `Gt' with parameter `0' against variable `REQUEST_URI_RAW' (Value: `/path1%3fpath2?query=%3f'...
It often leads to a memory leak on nginx reload using modsecurity branch 3.1-experimental and master. I hope that the official will fix this problem as soon as possible, which has a serious...
`coreruleset` v3 introduces Paranoia Level, assigns a score for each rule, and evaluates in a separate rule. In some cases, the request is not disruptive, however it's logged in audit log. We'd like...