owasp-modsecurity ModSecurity issues

owasp-modsecurity / ModSecurity

ModSecurity is an open source, cross platform web application firewall (WAF) engine for Apache, IIS and Nginx. It has a robust event-based programming language which provides protection from a range of attacks against web applications and allows for HTTP traffic monitoring, logging and real-time analysis.

https://www.modsecurity.org

Apache License 2.0

7.61k stars 1.53k forks source link

issues

Newest

Newest Most commented Recently updated Oldest Least commented Least recently updated

Remove cppcheck suppressions with line numbers in test/cppcheck_suppressions.txt

#3134 eduar-hte closed 1 day ago
28
[Idea] Add variable support for SecAuditLog

#3133 Xakiadalisabad opened 1 week ago
2
Add support to build libModSecurity v3 on Windows

#3132 eduar-hte opened 1 week ago
11
@rbl operator does not support IPv6

#3131 airween opened 1 week ago
0
docs, contributing: shorten description to improve flow for GitHub contributors, rewrite for owasp

#3130 eflanagan0 closed 1 week ago
6
Incorrect utf8toUnicode transformation for 00xx

#3129 marcstern opened 1 week ago
0
fix: update submodule url

#3128 fzipi closed 1 week ago
1
fix(rbl): typo in rbl check selector

#3127 fzipi closed 1 week ago
3
Regular Expression Failure Triggers `!@rx`

#3123 ssigwart opened 2 weeks ago
1
Phasing out SecStatusEngine

#3122 vloup opened 2 weeks ago
2
feat: Allow regular expressions in ctl:ruleRemoveTargetByX variable names II.

#3121 airween opened 2 weeks ago
29
Check for null pointer dereference (almost) everywhere

#3120 marcstern opened 1 month ago
3
Lua installed, but Modsecurity still dont work with it

#3119 duongtuankiet opened 1 month ago
0
Is it possible to change the SecAuditLogStorageDir variable so that the logs are sorted by vhost?

#3118 vukitoso opened 1 month ago
0
fix: Changed 'equal_range()' + loop by 'find()' in resolveFirst() methods

#3117 airween opened 1 month ago
1
Deleted redundant code in 'ModSecurity::serverLog(...)'.

#3116 gberkes opened 1 month ago
2
Error: Could not set variable "ip.brute_force_counter" and Could not set variable "ip.xmlrpc_counter" as the collection does not exist.

#3115 ic32k opened 1 month ago
4
fix: Sonarcloud memleak fixes

#3114 airween opened 1 month ago
2
SecAuditLogPart 'E' is logged even if it is not configured

#3113 rahulthackkar closed 1 month ago
7
Feature request: Limit the number of rules processed per request

#3112 no-sec-marko opened 1 month ago
3
Annoying DNS queries with @rbl operator

#3111 ne20002 closed 5 days ago
18
How to disable some logs?

#3110 rahulthackkar closed 1 month ago
27
libmodsecurity3: Request body is not logged

#3109 EsadCetiner opened 1 month ago
10
SecRuleScript actions always considered disruptive

#3108 theseion opened 1 month ago
1
Enhancement: Improve log statement for SecArgumentsLimit issue instead of JSON parsing error

#3107 kkrupka opened 1 month ago
4
SecGeoLookupDb /etc/nginx/geoip/GeoLite2-City.mmdb crashes ingress-controller if it cannot be read

#3106 lantzemil closed 1 month ago
9
NULL pointer checks & compiler warnings

#3105 marcstern opened 1 month ago
1
V3/remove this throw call transaction h

#3104 gberkes opened 2 months ago
3
base64decode behaviour

#3103 emiliocamposmartin closed 1 month ago
3
Debian package dependencies are broken

#3102 logopk opened 2 months ago
10
doc: Update CHANGES

#3101 airween closed 2 months ago
1
SecAuditLogFormat set to JSON prints logs in native format aswell

#3100 Shivam0609 opened 2 months ago
7
Fix possible segfault in collection_unpack

#3099 twouters closed 2 months ago
3
Ep/scoped for: second pr

#3098 devzero2000 closed 2 months ago
1
build: don't directly use the .libs directory

#3097 orbea closed 2 months ago
5
Clean up 'return' never will be executed.

#3096 gberkes closed 2 months ago
1
fix: Replace obsolete macros

#3095 airween closed 2 months ago
1
fix: Replace obsolote macros

#3094 airween closed 2 months ago
1
Align "reference" field value in JSON transaction log with standard log.

#3093 asamuta opened 2 months ago
9
fix: Change 'SecEngineStatus' to Off by default

#3092 airween closed 2 months ago
2
malloc error when executing make (debian11, nginx)

#3091 janis-mueller closed 2 months ago
11
Ep/scoped for

#3090 devzero2000 closed 2 months ago
4
SanitiseArg does not work in RequestBody

#3089 Seppl2202 opened 2 months ago
5
SanitiseArg does not work in RequestBody

#3088 Seppl2202 closed 2 months ago
0
chore: update bug-report-for-version-2-x.md

#3087 fzipi closed 2 months ago
1
chore: update bug-report-for-version-3-x.md

#3086 fzipi closed 2 months ago
1
SecStatusEngine should be "Off" in modsecurity.conf-recommended

#3085 fzipi closed 2 months ago
1
Problem with logfile's name

#3084 sivsoft opened 2 months ago
4
No CPE for 3.0.11 and 3.0.12

#3083 frankvanbever opened 2 months ago
4
Segmentation fault during collection cleanup on possibly corrupted dbm data

#3082 twouters closed 2 months ago
5