-
We found out that after upgrading to 1.9.6 there was a big hit in reading ~~ 270 files. After doing some version comparisions, the problem seems to be introduced in v1.9.3.
```
❯ go get -u github.co…
fzipi updated
4 months ago
-
### Description
*.dat files can be blocked by default firewall configurations:
- https://github.com/dotnet/runtime/issues/89073
- https://github.com/coreruleset/coreruleset/blob/0bd51ff806c68e2a5…
-
Hello,
Whilst working with the most recent version (v2) of this module, I observed that the handle_errors directive is no longer functional with the 403 code initiated by the WAF. However, in the v…
-
```
$ curl -H "x-format-output: txt-matched-rules" http://sandbox.coreruleset.org/ -d 'foo=console.log(msg)'
-- no output --
$ curl -H "x-format-output: txt-matched-rules" http://sandbox.corerule…
-
Hi Everyone,
My apologies for this issue. I can't find the documentation in a ready to read state.
I started at https://github.com/SpiderLabs/owasp-modsecurity-crs/issues/656. https://github.com…
-
### Description
Data in the form `test.Enviro` will cause rule 930120 to be triggered. This is because the `@pmFromFile` operator is not case sensitive, and the `.env` entry in [lfi-os-file…
-
CRS releases come with an `.asc` file. The CRS releases could be verified like the other downloaded resources.
Example: https://github.com/coreruleset/coreruleset/releases/download/v3.3.0/corerules…
-
Hi,
we are currently running mod_security2 with the OWASP CoreRuleSet (CRS) in version 3.3.4.
And we get false-positive matches because of a user-defined XML-Filter for a GIS application.
It's so…
-
**Describe the bug**
When there's a regular expression error due to `SecPcreMatchLimit` or `SecPcreMatchLimitRecursion` (i.e. `MSC_PCRE_LIMITS_EXCEEDED`), a rule using `!@rx` will say that the rule…
-
This is the Agenda for the two Monthly CRS Chats.
The general chat is going to happen on https://owasp.slack.com in the channel #coreruleset on Monday, 2024-08-05, at 20:30 CEST. That's the 1st Mon…