ModSecurity is an open source, cross platform web application firewall (WAF) engine for Apache, IIS and Nginx. It has a robust event-based programming language which provides protection from a range of attacks against web applications and allows for HTTP traffic monitoring, logging and real-time analysis.
Describe the bug
I found a problem with the proxy action. If I access a specific webpage file, such as "http://a.com/a/index.html", it is forwarded successfully. If I access a directory, such as "http://a.com/a/", the error_log shows that the URL will be forwarded, but it is not actually forwarded.
Logs and dumps
[Wed Jun 12 11:04:12.784758 2024] [security2:error] [pid 97647:tid 139691269490432] [client 10.16.18.12:49131] [client 10.16.18.12] ModSecurity: Access denied using proxy to (phase 2) http://www.test1.com/a/index.html. detected XSS using libinjection. [file "/www/server/apache/conf/modsecurity/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "100"] [id "941100"] [msg "XSS Attack Detected via libinjection"] [data "Matched Data: XSS data found within ARGS:id: