-
add Proxy in front with e.g., HAProxy with Mod Security
this will increase security from a defense of depth perspective
-
**Describe the bug**
libModSecurity3 does not log the request body in the audit log, although the triggered rules, response body and request/response headers are logged.
**Logs and dumps**
``…
-
Hi!
Setting _SecResponseBodyAccess_ to _Off_ does not prevent response body from being logged ( _SecAuditLogParts ABIJDEFHZ_)
Does it mean that with _SecResponseBodyAccess Off_ ResponseBody is st…
-
Hi,
I'm new in OpenWAF and I have few questions:
1. Where I can find all rules in OpenWAF git repo and on which conditions there are defined? I found this rules https://github.com/titansec/OpenWAF/t…
-
First report: https://github.com/coreruleset/coreruleset/issues/3266 (reporter: @leveryd)
### Describe the bug
Rules with the `rx` operator matching the "start of line" metacharacter (`^`) behave …
-
see:
``
2024/03/09 08:45:26 [error] 2711#2711: *1414 [client ] ModSecurity: Access denied with code 403 (phase 2). Matched "Operator `Ge' with parameter `5' against variable `TX:BLOCKING_INBOUND_ANO…
-
I did a quick research and I did not manage to find documentation about how versioning is being done in CRS. Are you following semver? if so, could we document it? Also, a quick note on what means a b…
-
Elementor Plugin
I am getting a 403 error when I try to save some changes that I made to my page using the html/text editor.
Server error Log:
"POST /wp-admin/admin-ajax.php HTTP/1.0" 200 94…
-
Hello,
At first thank a lot for you work for this project he is very nice.
I found that some field in the log from coraza are duplicated see the log bellow when i tested an SQL injection.
```json…
-
### Describe the bug
I aimed to troubleshoot a false positive for a CRS rule on my coraza-caddy instance and wished to compare my results with the sandbox proposed by OWASP. However, when doing…