Pinned issues
Issues
- 0
Dependency Dashboard
#906 opened by renovate - 0
Audit Logs are not indicating all matches
#1070 opened by joshi-mohit - 2
- 2
Variable names are always lowercased in collections
#946 opened by blotus - 3
Variable names should be case sensitive per RFC 3986
#1041 opened by fzipi - 0
v4 milestones
#945 opened by jptosso - 2
AuditLog
#977 opened by Eyup-Devop - 0
“setvar:ip.docs_block-counter” Unable to resolve
#1069 opened by nanchen114 - 10
/tmp "crzmp*" never deleted after a POST
#922 opened by UnveilTech - 8
content-encoding
#976 opened by Eyup-Devop - 0
Action 'exec' does not work
#1048 opened by gassonet9 - 8
- 2
Support `SecRequestBodyNoFilesLimit` directive
#896 opened by M4tteoP - 4
Add two new security verification functions to achieve flexible use of security verification
#1044 opened by k4n5ha0 - 1
- 1
Fuzz tests #470 failed
#1050 opened by github-actions - 1
Fuzz tests #469 failed
#1049 opened by github-actions - 1
Fuzz tests #472 failed
#1053 opened by github-actions - 0
Fuzz tests #471 failed
#1052 opened by github-actions - 0
Allow action generates logs in DetectionOnly mode
#1051 opened by MrWako - 2
SecRequestBodyLimitAction Reject should be invoked only if content-length is greater than SecRequestBodyLimit
#1045 opened by brijeshjvalera - 5
Misconfiguration errors to help adoption
#1007 opened by MrWako - 5
SecRuleUpdateTargetByTag in RESPONSE-999-EXCLUSION-RULES-AFTER-CRS doesn't seem to work (Caddy)
#1018 opened by ErazerBrecht - 1
- 0
Incomplete Anomaly Score Log: Missing Value for 'msg' Field with Rule ID 980170
#1021 opened by Barnoux - 1
Chain rule for excluding matched_var_name
#1019 opened by joshi-mohit - 5
e2e: Expose expected config and e2e test cases
#1006 opened by fionera - 1
Generating Prometheus stats also in DetectionOnly mode
#1008 opened by iMaxGit - 6
Chain Rule audit Log MATCHED_VAR
#978 opened by Eyup-Devop - 6
Allow to parse JSON/XML inside specific variables
#917 opened by blotus - 0
Implement `SecRuleUpdateActionByID`
#929 opened by M4tteoP - 2
Monthly meeting agenda (December 2023) 🎅
#948 opened by jptosso - 10
DetectionOnly mode seems to change 201 response to 200
#967 opened by MrWako - 4
Consider making key http/middleware functions public
#982 opened by MrWako - 8
Raw body processor
#938 opened by blotus - 6
Adds support for SecRuleRemoveByTag
#973 opened by jcchavezs - 0
Add support for logging using OCSF
#974 opened by fzipi - 1
Support for OWASP CRS V3.3
#947 opened by jlbprof - 1
- 0
- 2
- 0
First class CRS variables
#949 opened by jptosso - 2
REQUEST_COOKIES keys can contain a whitespace
#942 opened by zeylos - 0
docker command on the benchmark page does not work.
#936 opened by monkburger - 0
Missing setters from public collection package
#937 opened by blotus - 0
REQUEST_COOKIES variables gets implicitly URL decoded
#920 opened by M4tteoP - 5
- 1
It supports multiple data source inputs and is used as a pure detection engine
#916 opened by sun-sun-sun - 0
Monthly meeting agenda (October 2023)
#890 opened by jptosso - 4
CRS strconv.Atoi: parsing tx.blocking_outbound_anomaly_score: invalid syntax
#888 opened by davidmytton