owasp-modsecurity/ModSecurity
ModSecurity is an open source, cross platform web application firewall (WAF) engine for Apache, IIS and Nginx. It has a robust event-based programming language which provides protection from a range of attacks against web applications and allows for HTTP traffic monitoring, logging and real-time analysis.
C++Apache-2.0
Issues
- 14
SIGSEGV writing log on FreeBSD
#3255 opened by einsibjarni - 36
Discussion of the new XML processing feature
#3178 opened by airween - 7
- 2
Full-width XSS attacks are not being detected
#3258 opened by xzhang-ipipeline - 5
- 4
libmodsecurity.so acts different when enabled with/without json support
#3256 opened by allahshukur-ahmadzada - 3
- 3
ModSecurity GeoIP Lookup Issue with No Geo Data
#3251 opened by brenton-al - 4
- 5
How do variables work
#3244 opened by tiptop-crazy - 3
- 4
When used in conjunction with nginx, requests to the root route are always loaded twice.
#3238 opened by pya789 - 1
rx: regex error 'MATCH_LIMIT' for pattern
#3237 opened by Lathanderjk - 1
The
#3235 opened by Rayhutch7007 - 0
He
#3234 opened by Rayhutch7007 - 4
- 1
- 3
libModSecurity3: all triggered rule IDs sometimes won't be logged with anomaly scoring
#3204 opened by EsadCetiner - 1
Detect user agent and execute action
#3184 opened by AngelSamuel - 9
Discussion about 'hostname' field in log
#3200 opened by airween - 2
after scan coreruleset-main.zip by Microsoft defender for business version.
#3201 opened by langenggithub - 3
configure: error: PCRE2 was explicitly referenced but it was not found in v3.0.12
#3197 opened by samuelzokovich - 2
Mod3 ./configuration show missing
#3196 opened by crs-web - 4
Bazel build on Windows
#3186 opened by varkey98 - 2
[FEATURE] Add a new `t:removeSQLComments` transformation
#3195 opened by fzipi - 7
Problem about proxy action
#3170 opened by prince-java - 1
[BUG] multiMatch lead to unexpected match
#3183 opened by leveryd - 4
No error log if noauditlog is set
#3180 opened by Rapsody09 - 1
350001 rule blocks the Facebook Sharing Debugger bot
#3179 opened by MariuszMilka - 1
Not working with Nginx + HTTP/3
#3177 opened by jefersonbertoli - 4
- 10
`[client <ip address>]` field is missing in `modsec_audit.log` in section H
#3174 opened by n-rodriguez - 3
- 4
Build error related to APR in config.c
#3173 opened by Marcool04 - 1
@pmFromFile problems
#3165 opened by swagliquido - 7
None human readable AuditLog examples.
#3168 opened by s3rj1k - 11
Not Working with IIS
#3167 opened by hadiloghman - 2
Best solution/workaround sanitise modsecurity v3
#3163 opened by cello86 - 1
xss attack not blocked on juice shop
#3162 opened by louis07r - 2
How to disable audit logging of some HTTP_CODE?
#3147 opened by ShaiMagal - 4
AH00526: Syntax error on line 93 of /etc/apache2/modsec/owasp-modsecurity-crs/rules/REQUEST-903.9004-DOKUWIKI-EXCLUSION-RULES.conf: Error parsing actions: Unknown action: \\ Action 'configtest' failed. The Apache error log may have more information.
#3142 opened by jinji-lab - 5
- 0
Apache: Short Lingering Close
#3143 opened by studersi - 1
Ignore SecStatusEngine directive in v2
#3137 opened by airween - 4
- 7
- 2
Update link on Reference Manual v3 wiki page
#3136 opened by MefhigosetH - 2
[Idea] Add variable support for SecAuditLog
#3133 opened by Xakiadalisabad - 0
@rbl operator does not support IPv6
#3131 opened by airween - 6
docs, contributing: shorten description to improve flow for GitHub contributors, rewrite for owasp
#3130 opened by eflanagan0