-
**Describe the bug**
I suppose that "utf8toUnicode" should be able to handle full-width attacks. However, it doesn't seem that the attacks using full-width get detected, e.g. <script>alert("encoded")…
-
### Version
None
### Is your feature request related to a problem? Please describe.
Gloo currently runs an older version of modsecurity and the corresponding Core Rule Set.
### Describe the solut…
-
### Name and Version
bitnami/nginx-ingress-controller 10.3.0
### What architecture are you using?
amd64
### What steps will reproduce the bug?
Trying to deploy latest `nginx-ingress-con…
LeTuR updated
5 months ago
-
Keybase is unable to get keybase.txt when server uses ModSecurity with Core Rule Set.
Reason is that keybase is using GET without Accept header.
Related log entry:
[Thu Aug 14 08:59:12 2014] [error]…
-
**Describe the requested changes**
In the WAF docs for Gloo Edge there is a sentence, "More information on available rule sets, and the rules language generally, can be found here." The last word, he…
-
In order to improve security of DebOps web hosting plan, e.g. CRS support of [Apache server](https://github.com/debops/ansible-apache) and [Nginx server](https://github.com/debops/ansible-nginx) DebO…
-
### Description
Data in the form `test.Enviro` will cause rule 930120 to be triggered. This is because the `@pmFromFile` operator is not case sensitive, and the `.env` entry in [lfi-os-file…
-
### Version
1.13.x (beta)
### Is your feature request related to a problem? Please describe.
WAF settings are confusing and overly complex - a simpler CRD with a single message would be easi…
-
### Description
I am running a live site. https://danran.rocks
On my WordPress site health status page, I am getting a performance error/notification:
```
The REST API encountered an unexpec…
```
-
As a user, we would like to skip the cost of ModSecurity rule processing for requests that are rate-limited by nginx. Today, the ModSecurity header phase is processed before the [ngx_http_limit_req_mo…