-
Hello,
I can upload files of other extensions but pdf.
Is there a list of allowed extensions?
-
I used SecGeoLookupDB to load the geolite2-country. MMD file, but it failed. Whether it's V2 or V3 GeoLiteDB ,Configuration is as follows
# For ModSecurity v3:
SecGeoLookupDB /usr/share/GeoIP/Geo…
-
## Background
When switching the modsec ingress controller using the runbook https://runbooks.cloud-platform.service.justice.gov.uk/Switch-ingress-to-v1-ingress-controller.html#resources-deployed-u…
-
Summary Observations:
PATCH method with JSON request body sent to ingress receives no response bytes on connection and connection is left open.
Connection is closed only when NGINX ingress is boun…
-
After:
git clone --depth 1 https://github.com/SpiderLabs/ModSecurity-nginx.git
wget http://nginx.org/download/nginx-1.21.5.tar.gz
tar zxf nginx-1.21.5.tar.gz
cd nginx-1.21.5
./configure --with-…
-
Hi,
after pulling the most recent image starting the container is no longer possible due to an error with `sed`:
```
sed: cannot rename /etc/nginx/nginx.conf: Device or resource busy
```
This…
-
The legacy PCRE implementation (more recently referred to as PCRE1) is no longer being updated, with v8.45 (from June 2021) expected to be the final version.
Also, nginx has recently (nginx/1.21.5)…
-
### Description
I have set up a owasp/modsecurity-crs docker container using a standard configuration. This works well for protecting my Nextcloud. But for the iOS app doing (chunked) file uploads …
-
v3.0.5
When I configure the following rules
SecRule REQUEST_URI "attack" "phase:1,id:100000001,log,block,t:none,redirect:%{REQUEST_HEADERS:scheme}/block.html?url=%{REQUEST_FILENAME}&intercept_domai…
-
Hello Folks,
I have created a rule to detect the Brute-force detection on a login page. The detection works as intented but on providing a valid login details rules doesn't trigger. Also, the coun…