owasp-modsecurity/ModSecurity

Issues

• Operator @fuzzyHash don't work as expected

  #3462 opened a day ago by capy3ra
  2

• libmodsecurity3: not returning 403 on response phases

  #3461 opened a day ago by EsadCetiner
  4

• Question: How can I make an exception for a rule with a specific Id?

  #3460 opened 3 days ago by 1gm4
  5

• ModSecurity v2.9.12 “Skipping request since there is nowhere to write to” despite valid SecAuditLog configuration

  #3446 opened 24 days ago by tinhutins
  8

• SecRule with SSL_CLIENT failed

  #3459 opened 4 days ago by nono303
  3

• legacy pcre being preferred over pcre2 during ./configure

  #3453 opened 4 days ago by Vitadek
  3

• ModSecurity v2.9.12: find_yajl.m4 fails to detect YAJL installed from source

  #3457 opened 5 days ago by weida
  1

• IP Collection not working properly

  #3416 opened 12 days ago by Greentears
  9

• 2.x standalone fails to link since ap_map_http_request_error() is not exported as APR function

  #3451 opened 17 days ago by kabe-gh
  1

• Build fails because of missing `library/base64.c` when using Mbed TLS 4.x — Is support planned?

  #3450 opened 18 days ago by TheophileDiot
  2

• Event message with description "Invalid function" in the Windows Application Event Log

  #3408 opened 5 months ago by skvoboo-gh
  13

• Question: how is setenv supposed to work in ModSecurity 3.0.x

  #3449 opened 22 days ago by duckasylum
  3

• Sanitizer reports (ASAN, UBSAN)

  #3448 opened 23 days ago by chenuduss
  1

• Compile ModSecurity on Windows cannot build dll file

  #3444 opened 25 days ago by YornSokha
  5

• [Feature Request] Mod_Security as a Webmin Menu

  #3445 opened a month ago by sshcli
  3

• libModSecurity3: `REQUEST_HEADERS` names are treated as case sensitive

  #3441 opened 2 months ago by EsadCetiner
  4

• question: libModSecurity compile against musl instead of glibc?

  #3439 opened 2 months ago by schunckt
  1

• Performance issues with ModSecurity2/Alpine/PCRE2

  #3409 opened 5 months ago by as-rail
  5

• SecAuditLogRelevantStatus conf is not working？

  #3433 opened 2 months ago by opsmeta
  9

• 2.9.12 installer

  #3440 opened 2 months ago by perlsol
  2

• running `./build.sh` on Ubuntu 24.04 gives warnings: "warning: wildcard utils/*.h: non-POSIX variable name"

  #3435 opened 2 months ago by Danrancan
  4

• Stack overflow in pcre.dll

  #3436 opened 3 months ago by skvoboo-gh
  10

• High RAM Usage with Concurrent Logging Mode in ModSecurity

  #3414 opened 4 months ago by SonNgo2211
  2

• Unable to parse absolute Windows path as value of modsecurity.conf directive

  #3429 opened 3 months ago by skvoboo-gh
  14

• >=v3.0.13 release for ubuntu 22.04

  #3423 opened 3 months ago by imgurbot12
  4

• Semantic of MATCHED_VARS / MATCHED_VARS_NAMES

  #3382 opened 3 months ago by mirkodziadzka-avi
  16

• Recommended rule 200005 misses MSC_PCRE_LIMITS_EXCEEDED in phase 2

  #3415 opened 4 months ago by studersi
  2

• ModSecurity2 v2.9.11 not working on RHEL 7 due to undefined symbol: pcre2_set_depth_limit

  #3417 opened 4 months ago by friesoft
  5

• request on iis with more than 999 characters single value in cookie are getting blocked and no specific rule to fix

  #3413 opened 4 months ago by HumanUndead
  1

• Error in msc_status_engine.c

  #3410 opened 4 months ago by Greentears
  5

• Enhancement: Extend CI workflow to test library detection with manually compiled dependencies

  #3407 opened 5 months ago by JustCoding247
  10

• ModSecurity 3.0.14 configure script fails to detect lib64-installed YAJL, LMDB, and PCRE2

  #3404 opened 5 months ago by JustCoding247
  2

• ModSecurity v3 doesn't supports using multiple files with @pmFromFile

  #3403 opened 5 months ago by Xhoenix
  2

• Audit log no longer written since update to 3.0.14

  #3402 opened 5 months ago by mpitzl
  6

• Quotation Mark Formatting in ModSecurity Logs: Is the Use of Backticks and Single Quotes Correct?

  #3369 opened 6 months ago by wRkA
  4

• ip collection does not seem to work properly with latest ModSecurity

  #3394 opened 5 months ago by ne20002
  21

• Remove possiblity to disable early-blocking processing

  #3362 opened 7 months ago by arminabf
  11

• modsecurity.conf last file

  #3367 opened 5 months ago by Max131412
  7

• 2,9,7 Appl Error 1000 in w3wp.exe Module ucrtbase.dll

  #3397 opened 5 months ago by FrankWarius
  14

• Outdated product version in the MSI installer

  #3399 opened 5 months ago by skvoboo-gh
  5

• ModSecurity 2.9.8 syntax error Cannot find variable to replace

  #3395 opened 5 months ago by cello86
  8

• rbl operator not working with ipv6, how to detect ip version?

  #3396 opened 5 months ago by ne20002
  2

• Readme instructions for IIS installation

  #3370 opened 6 months ago by tbremard
  6

• Recommended Location, permissions, and ownership of "SecTmpDir" and "SecDataDir"

  #3384 opened 6 months ago by Danrancan
  1

• modsecurity.digitalwave.hu no release file

  #3381 opened 6 months ago by rishabhAjay
  3

• Standalone module no longer logs client IP to error log

  #3373 opened 6 months ago by RedXanadu
  3

• Behavior change in regex macro expansion from 2.9.7 to 2.9.8 affecting CRS 3.2.x and 3.3.x

  #3380 opened 6 months ago by dune73
  8

• Duplicate Server headers in Audit Log when using more_set_headers or more_clear_headers in Nginx

  #3368 opened 6 months ago by wRkA
  1

• Wiki image link broken

  #3366 opened 6 months ago by stoecker
  3

• libmodsecurity + nginx + inspectfile clamav always returns 0

  #3360 opened 7 months ago by nedngo
  3