-
```
mod_security is a so-called web application firewall and available as Apache
module in the official Ubuntu distribution [1]. It promises to be able to
detect and prevent malicious client softwar…
-
Hi team:
Will OpenSearch support rules similar to OWASP coreruleset to detect abnormal HTTP requests?
-
I am using IIS Application Request Routing (ARR) with ModSecurity. ModSecurity is installed and configured with the OWASP Core rule set on Windows 2022. I am trying to improve the rule set by incorpor…
-
Survey Q1 + Starting thesis ```10 jan``` {job next to thesis}
Also interested in the problem of _online trust_. General intro and overview by Bruce {rockstar of security research} [Ten Risks of PKI…
-
**SanitiseArg does not work in RequestBody**
This time without messed up markdown :)
Taken right from the docs: https://github.com/owasp-modsecurity/ModSecurity/wiki/Reference-Manual-(v2.x)#user-c…
-
Hello everyone,
We have an exciting project on the table, and we're looking to engage the collective brilliance of this community. We're seeking contributions from individual engineers, open-source…
-
Testing ModSecurity3 in Apache I got some httpd cores at random times. Troubleshooting I found this problem.
```
Program terminated with signal SIGSEGV, Segmentation fault.
#0 0x00007fa6e8f112ea…
-
Hi,
I successfully used the 912 DOS protection rules with CRS 3.3.5. It was not without some pain but anyway, I managed to get it working.
My 3.3.5 working configuration was this one:
```
…
-
### Description
Rule 941160 struggles with false positives on URL encoding. This is because it called the ```t:utf8toUnicode``` and then called the ```t:urlDecodeUni```, the ```utf8toUnicode…
-
### Description
I've encountered some shell false positives for 932260 (PL1), 932236 and 932239 (PL2) for commands like sudo, df, fd, and grc.
Some of these I'm obviously familiar with, but…