-
## What is missing or needs to be updated?
The following section
https://github.com/OWASP/CheatSheetSeries/blame/9c67e3ac45e2bfacd96e5dc324757cfb80e9ec1d/cheatsheets/REST_Security_Cheat_Sheet.m…
-
This question is in relation to some troubles the downstream ingress-nginx project has with modsecurity: https://github.com/kubernetes/ingress-nginx/issues/8388
When conflicting modsecurity rules/s…
-
Hi CRS Teams 👋
This idea popped into my mind while I was trying to learn what is new in CRS 4.0. For CRS 4.0, one of the key features is the plugin.
Also, many new repositories are coming up to the …
-
### Description
I am running a live site. https://danran.rocks
On my WordPress site health status page, I am getting a performance error/notification:
```
The REST API encountered an unexpec…
-
I am using IIS Application Request Routing (ARR) with ModSecurity. ModSecurity is installed and configured with the OWASP Core rule set on Windows 2022. I am trying to improve the rule set by incorpor…
-
The following block triggers an error in v3 (nginx):
```
SecRule REQUEST_FILENAME "@unconditionalMatch" \
"id:888888,\
phase:1\
chain"
SecRuleScript test.lua "nolog"
```
The error is…
-
### Description
An XML containing the following XSS is not flagged as attack. Ignored up to PL4:
```
$ curl -H "x-crs-paranoia-level: 4" -H "x-format-output: txt-matched-rules" -H "x-backend: a…
-
We found out that after upgrading to 1.9.6 there was a big hit in reading ~~ 270 files. After doing some version comparisons, the problem seems to have been introduced in v1.9.3.
```
❯ go get -u github.co…
-
Hello everyone,
As already announced in your Slack channel, I am currently facing issues with WebSocket connections in conjunction with coraza-caddy.
These connections work fine if I set `SecRuleE…
-
### Description
Hello,
I'm facing a false positive issue with rule id 942440 (Detect SQL Comment Sequences).
If the value is a domain name converted into Punycode (IDNA encoding), the regular …