-
Hi,
I just installed ModSecurity (2.9.7) and OWASP_CRS (3.3.4) for my Nextcloud installation.
As expected, nothing worked anymore, which is why I tried to install this plugin by following the ment…
-
Hello,
I was thinking that it would be a good idea to integrate the OWASP coreruleset into this plugin. I guess this would mean translating all the rules into directives in yaml format.
Best,
E…
-
In order to identify reflected and stored Cross Site Scripting (XSS) attacks inside HTTP requests and SQL queries we need to implement a UDF that returns whether or not the input string contains a XSS…
-
We may want to add an action for docker security scanning:
https://github.com/phonito/phonito-scanner-action
fzipi updated
2 years ago
-
Hi Guys,
I ran this script and met an issue (as in the title). Can you help? Thanks.
My ModSecurity (3.0.9) log format:
```
{"transaction":{"client_ip":"10.200.101.16","time_stamp":"Thu May 11 02:13:58 2023","se…
```
-
It seems that there is no regression testing for the modsec3-nginx variant. Is it intentional?
https://github.com/coreruleset/coreruleset/blob/main/.github/workflows/test.yml#L26
-
I think there is a mismatch between modsec-3 implementation and modsec documentation.
According to https://github.com/SpiderLabs/ModSecurity/wiki/Reference-Manual-%28v2.x%29#request_body
the REQUE…
-
Hi there,
thanks for the great work on CRS.
It would be nice if the maintenance plans for CRS 3 would be documented. Like e.g. no more releases planned, or only 3.3.x releases for another 12 months o…
-
The official docs for ModSecurity 2.x and 3.x for both `SecRuleUpdateActionById` and `chain` are errant. They lead to errant rule writing and/or exposing underlying ModSecurity bugs. I request clarific…
-
### Describe the bug
Variables created using `setvar` in ModSecurity rules are being automatically deleted after 1 minute, even without explicitly setting `expirevar`. This occurs when trying to impl…