-
### Description
I've encountered some shell false positives for 932260 (PL1), 932236 and 932239 (PL2) for commands like sudo, df, fd, and grc.
Some of these I'm obviously familiar with, but…
-
ModSecurity blocks a valid request having
9--aB7mnS7GdA3IQ
ModSecurity: Access denied with code 403 (phase 2). detected SQLi using libinjection. [file "/etc/nginx/owasp-modsecurity-crs/rules/REQ…
-
## 1. The problem I'm having:
Hello,
We don't have the value of the msg field in the anomaly score log which has the rule id 980170.
This was already reported and fixed in [#684 ](https://githu…
-
### Description
For certain GraphQL queries the rule 932200 is creating false positives.
For example, for the following GraphQL query, the rule is tracing $f and blocking it even though it's a val…
-
### Description of the bug
Hi Vaadin Team.
When creating a Button with a ClickShortcut, the request to the server is intercepted by the ModSecurity WAF.
**Setup:**
Client Browser Apache (wi…
-
Hello,
I'm encountering a problem with this module, specifically, the RAM usage keeps rising consistently whenever I incorporate a new Caddyfile configuration (or when I activate the WAF on an exi…
-
### Description
### How to reproduce the misbehavior (-> curl call)
`curl -H "x-format-output: txt-matched-rules" "https://sandbox.coreruleset.org/?bla=time%20express"`
however "time" (which …
-
There exists a ReDoS vulnerability for the following input:
///////////////////////////////////////////////////////////////////////////////////=>
about 4K of ///// = 30 seconds parse time on an …
-
### Description
The PHP `printf` rule is triggering issues on URLs like "SprintForTheCause".
### How to reproduce the misbehavior (-> curl call)
```sh
curl -H "x-format-output: txt-matched-r…
```
-
I tried to use the config file from this repository for caddy server
and I got the following error:
```
2021/12/09 19:14:01.918 INFO using provided configuration {"config_file": "test/Caddyf…
```