ADD-SP / ngx_waf

Handy, high-performance, ModSecurity-compatible Nginx firewall module
https://add-sp.github.io/ngx_waf-docs/
BSD 3-Clause "New" or "Revised" License
1.48k stars 186 forks

Modsec is end-of-life. Alternate way to add OWASP rules? #101

Closed binaryfire closed 2 years ago

binaryfire commented 2 years ago

Hello!

The Modsec project is EOL: https://www.trustwave.com/en-us/resources/security-resources/software-updates/end-of-sale-and-trustwave-support-for-modsecurity-web-application-firewall/

But the OWASP core rule set will continue to be developed: https://coreruleset.org/

Is there a way we can add OWASP rules (https://github.com/coreruleset/coreruleset/tree/v4.0/dev/rules) directly to ngx_waf without Modsec?

hibobmaster commented 2 years ago

Trustwave is announcing the End-of-Life (EOL) of our support for ModSecurity effective July 1, 2024. We will then hand over the maintenance of ModSecurity code back to the open-source community.

ModSecurity is maintained by the open-source community nowadays.

stale[bot] commented 2 years ago

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

GitarPlayer commented 2 years ago

Could it be possible to use this Go library https://github.com/corazawaf/coraza instead of ModSecurity 3, since it never fully passed the test suites of the CRS rule developers? I would love to help implement this.