-
Hi go-ftw Team,
I am working on updating some documentation, and I found that some of the docs are missing in go-ftw (e.g., the format of the YAML test file).
And I found it in the ftw repo:…
-
Hi,
I'm using Caddyserver through a docker-compose.yml and a custom build via a Dockerfile to enable Coraza-Caddy. If I'm incorporating this, for example, from your configuration, into my custom Ca…
-
### Description
I have a website that I want to protect with ModSecurity. But I noticed a problem when processing Cyrillic characters.
There is a combination of letters "имо". When this combina…
-
[`930110-7` test](https://github.com/coreruleset/coreruleset/blob/67a4d5e5b93d9b4067970d2dc712b6eac83214af/tests/regression/tests/REQUEST-930-APPLICATION-ATTACK-LFI/930110.yaml#L107-L122) is performed…
-
**Describe the bug**
ModSecurity sometimes doesn't fully log all of the rule IDs triggered within a request. This is annoying with false positives as you'll have to go through multiple tuning itera…
-
See: https://github.com/coreruleset/coreruleset/pull/1951
Needed:
- a list of the endpoints
- a list of static files
- a list of cache-forever files, `favicon.ico` and `robots.txt` for example
…
-
https://github.com/coreruleset/coreruleset/blob/34e672c337498334201b1632c80529af6d25403b/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942210.yaml#L518-L534
the payload after transform…
-
### Description
The rule `942160` seems not to trigger if the injection is followed by a `/`. It seems that, since only `REQUEST_BASENAME` is considered from the path, there's nothing to test again…
-
Hi there!
I don't know if it's a bug but the `[client ]` field is missing in `modsec_audit.log` in `section H`.
I know the client IP address is present in `section A` but it's not very handy to …
-
### Description
Rule 941160 struggles with false positives on URL encoding. This is because it called the ```t:utf8toUnicode``` and then called the ```t:urlDecodeUni```, the ```utf8toUnicode…