search

owasp-modsecurity / ModSecurity

ModSecurity is an open source, cross platform web application firewall (WAF) engine for Apache, IIS and Nginx. It has a robust event-based programming language which provides protection from a range of attacks against web applications and allows for HTTP traffic monitoring, logging and real-time analysis.
https://www.modsecurity.org
Apache License 2.0
8.11k stars 1.59k forks source link

The #3235

Closed Rayhutch7007 closed 1 month ago

Rayhutch7007 commented 1 month ago

Describe the bug

A clear and concise description of what the bug is.

Logs and dumps

Output of:

  1. DebugLogs (level 9)
  2. AuditLogs
  3. Error logs
  4. If there is a crash, the core dump file.

Notice: Be carefully to not leak any confidential information.

To Reproduce

Steps to reproduce the behavior:

A curl command line that mimics the original request and reproduces the problem. Or a ModSecurity v3 test case.

[e.g: curl "modsec-full/ca/..\..\..\..\..\..\/\etc/\passwd" or issue-394.json]

Expected behavior

A clear and concise description of what you expected to happen.

Server (please complete the following information):

Rule Set (please complete the following information):

Additional context

Add any other context about the problem here.

airween commented 1 month ago

I'm closing this issue due to the meaningless.