-
### Describe the bug
I aimed to troubleshoot a false positive for a CRS rule on my coraza-caddy instance and wished to compare my results with the sandbox proposed by OWASP. However, when doing…
-
### Describe the bug
We need to agree on a consistent way to reference multi-byte characters in regular expression patterns (and we can enforce this via `rules-check.py`).
Our current approach t…
-
**Is your feature request related to a problem? Please describe.**
Application firewalls following the OWASP core ruleset (coreruleset.org) scan for SQL injection attempts and trigger on valid Espo…
-
**Describe the bug**
In libmodsecurity3, SecAction can't be disabled via a ctl action like with SecRules. This issue isn't present in ModSecurity2.
**Logs and dumps**
N/A
**To Reproduce**
…
-
Hello everyone,
I'm working on a final year project for my school. The project is a simple nginx reverse proxy with modsecurity and behind it a juice shop.
The problem is that modsecurity blocks sql…
-
I am trying to create a superduper all-in-one package, that has:
1. OIDC support as the webserver as the relying party
2. Modsecurity
I have found out that nginx-plus supports oidc, but its ngi…
-
**Describe the bug**
Error log entries are truncated if the error log line is long enough. This cuts off information like the rule tags, sometimes even severity etc.
This comes up in the context…
-
GovCert Switzerland has published a list of file extensions they think should be blocked: https://www.govcert.ch/downloads/blocked-filetypes.txt
-
### Description
This is very similar to #3721. The word "left" can trigger false positives. An example is "Take a left (1 mile)".
### How to reproduce the misbehavior (-> curl call)
```sh
cu…
```
-
Hello again, thank you very much for your answer in #20 (I tried to find a way into the code by myself with your help but without success this morning).
So my issue today is about logs again, which…