-
### Description
When uploading a file in a multipart body, the rule '941330' denies the request.
The regex defined matches the "Content-Disposition" header in the body of the request in case it also…
-
## Summary
Using libcoraza, latest from Github. I created a small C program that started loading the Rule files from the latest OWASP.
```
Attaching log callback
coraza_rules_load_rules: rule…
-
### Issue description
see: https://github.com/apache/apisix-ingress-controller/issues/2043
I know the configuration method for a ruleset, but if multiple rulesets are referenced? Or is it …
-
## Description
With Core Rule Set `ver.4.0.0-rc1` I'm seeing Coraza log an error when parsing the `RESPONSE-980-CORRELATION.conf` rule. I have tested this with Coraza `v3.0.4` and also pinning to a…
-
I have multiple virtuals host on haproxy.
I wanted to know which is the right way to configure coraza-spoa with different configurations based on the backend or domain. To activate or deactivate the …
-
Errors are printed with double break line using console log format.
```
2023/07/14 12:49:16.929 ERROR http.handlers.waf [client "xxxxx"] Coraza: Access denied (phase 1). [file ""] [line "8…
-
CVE-2023-40586 references [github.com/corazawaf/coraza](https://github.com/corazawaf/coraza), which may be a Go module.
Description:
OWASP Coraza WAF is a golang modsecurity compatible web applicatio…
-
### Describe the bug
Right now the [INSTALL file](https://github.com/coreruleset/coreruleset/blob/v4.0/dev/INSTALL) mentions CRS v3 and how to upgrade from v2.
**Requirements**:
- [x] update wh…
fzipi updated
9 months ago
-
### Issue description
Do you have any plan to add waf to defend attacks like XSS, SQL Injection, WebShell?
-
# Monthly Chat Agenda October 2023 (2023-10-02 and 2023-10-16)
This is the Agenda for the two Monthly CRS Chats.
The general chat is going to happen on https://owasp.slack.com in the channel #c…