ModSecurity is an open source, cross platform web application firewall (WAF) engine for Apache, IIS and Nginx. It has a robust event-based programming language which provides protection from a range of attacks against web applications and allows for HTTP traffic monitoring, logging and real-time analysis.
MODSEC-284: Using @rsec cause additional grabage on the page (at the end of the page)
Even with a rule which does nothing like the below, it adds that garbage
SecRule STREAM_OUTPUT_BODY "@rsub s/html/html/" "phase:4,t:none,nolog,pass"
It seems that the buffer is not initialized properly or not used correctly, which causing binary strings or page parts to appear at the end of the string (after the
MODSEC-284: Using @rsec cause additional grabage on the page (at the end of the page)
Even with a rule which does nothing like the below, it adds that garbage SecRule STREAM_OUTPUT_BODY "@rsub s/html/html/" "phase:4,t:none,nolog,pass"
It seems that the buffer is not initialized properly or not used correctly, which causing binary strings or page parts to appear at the end of the string (after the