-
This question is in relation to some troubles the downstream ingress-nginx project has with modsecurity: https://github.com/kubernetes/ingress-nginx/issues/8388
When conflicting modsecurity rules/s…
-
### Description
I am running a live site. https://danran.rocks
On my WordPress site health status page, I am getting a performance error/notification:
```
The REST API encountered an unexpec…
```
-
### Description
go-ftw does not handle file descriptors properly and is therefore not able to run on Windows. Windows refuses to delete files as long as a file descriptor is open.
I understand …
jabdr updated
2 weeks ago
-
I think there is a mismatch between modsec-3 implementation and modsec documentation.
According to https://github.com/SpiderLabs/ModSecurity/wiki/Reference-Manual-%28v2.x%29#request_body
the REQUE…
-
**SanitiseArg does not work in RequestBody**
This time without messed up markdown :)
Taken right from the docs: https://github.com/owasp-modsecurity/ModSecurity/wiki/Reference-Manual-(v2.x)#user-c…
-
The official docs for modsecurity 2.x and 3.x for both `SecRuleUpdateActionById` and `chain` are errant. They lead to errant rule writing and/or exposing underlying modsecurity bugs. I request clarific…
-
`2024-08-01T17:03:30.006424816Z 2024/08/01 19:03:29 [error] 4153#4153: *4134 [client 151.15.29.137] ModSecurity: Access denied with code 403 (phase 2). Matched "Operator `Ge' with parameter `5' agains…
-
### Description
I am running a live site. https://mcmo.is
On my WordPress site health status page, I am getting a performance error/notification:
```
> The REST API is one way that WordPre…
```
-
The CRS team believes that strange CRS problems are reported when users use the NGINX Ondrej PPA.
Reports:
* SO link to follow ***FIXME***
What we _think_ the problem is: ***FIXME***
We would l…
-
The following block triggers an error in v3 (nginx):
```
SecRule REQUEST_FILENAME "@unconditionalMatch" \
"id:888888,\
phase:1\
chain"
SecRuleScript test.lua "nolog"
```
The error is…