-
## Description
After loading all rules from `coreruleset` (https://coraza.io/docs/tutorials/coreruleset/), Coraza instance consumes 130MB.
From quick pprofing looks like issue is with `github.co…
-
ModSecurity is a more complete solution and probably better maintained than NAXSI, could you please consider to add it to Opnsense or nginx opnsense plugin.
Also it would be nice to have raw access…
-
| Target version | Related issue | Related PR |
|--------------------|--------------------|-----------------|
| 4.4.0 | https://github.com/wazuh/wazuh-qa/issues/3396 …
-
**Describe the bug**
A clear and concise description of what the bug is.
**Logs and dumps**
Output of:
1. DebugLogs (level 9)
2. AuditLogs
3. Error logs
4. If there is a crash, the core dump fi…
-
環境:
* Ubuntu 20.04.3 LTS
* nginx version: nginx/1.18.0 (Ubuntu)
built with OpenSSL 1.1.1f 31 Mar 2020
TLS SNI support enabled
* ngx_waf: 照文件流程 compile 出來的 v10.1.1 Current 版
---
問題:
[waf_…
-
We have a difficult PCI compliance issue that they are rejecting the self-signed cert because of the default backend.
We've tried everything we can think of to ensure that a direct IP address won't…
-
I am using this image but wish to override the crs-setup.conf file so that I can enable Application Specific Rule Exclusions, I have my docker-compose.yml file setup as below:
```
image: owasp/mod…
-
**NGINX Ingress controller version** 4.0.1
**Kubernetes version** 1.21
**Environment**:
Baremetal, helm, with the following relevant values:
```
enable-modsecurity: "true"
enable-owasp-modsecu…
-
I add a new conf named `REQUEST-914-WEAKPASSWORD-DETECTION.conf` for modsecurity.
And write a rule within as below:
```
SecRule REQUEST_FILENAME|ARGS "@pmFromFile weak-passwords.data" \ …
-
**What happened**:
I am setting the following in the configmap:
```
hsts: "true"
hsts-include-subdomains: "true"
hsts-max-age: "63072000"
hsts-preload: "true"
```
But the r…