mod-security – WindowsTechs.com

How to log custom http headers in ModSecurity Warning while using OWASP Core Rule Set

Posted on November 3, 2024 by Roshan John

I have three custom HTTP headers called X-Username, X-Role and X-Realm, I want to log the content of this header in the warning logs when some of the the rules are matched for a HTTP request.
I have edited one rule to log the header values… Continue reading How to log custom http headers in ModSecurity Warning while using OWASP Core Rule Set→

How to enable base64 decoding globally in modsecurity?

Posted on October 24, 2024 by whatisLimlee

I am testing modsecurity with xss attacks equipped with latest OWASP CRS with only XSS rules enabled . I found base64decoding is not done and its one of the reason for bypasses . however,If I have to add transformation to each rule in xss … Continue reading How to enable base64 decoding globally in modsecurity?→

How to put specific rules in OWASP core ruleset in detection mode?

Posted on October 1, 2024 by Roshan John

This is the content of my RESPONSE-999-EXCLUSION-RULES-AFTER-CRS.conf
# Set the rules to detection mode (they will log but not block)
SecRuleUpdateActionById 941100 "pass,log"
SecRuleUpdateActionById 941110 "pass,log"
S… Continue reading How to put specific rules in OWASP core ruleset in detection mode?→

How to put specific rules in OWASP core ruleset in detection mode?

Posted on October 1, 2024 by Roshan John

Why is PUT Request not allowed by default in OWASP CoreRuleSet

Posted on August 29, 2024 by Roshan John

Why is PUT method not allowed and how can I allow PUT methods without changing REQUEST-901-INITIALIZATION.conf file and REQUEST-911-METHOD-ENFORCEMENT.conf file.

Continue reading Why is PUT Request not allowed by default in OWASP CoreRuleSet→

Modsecurity parse nested keys in json

Posted on August 19, 2024 by Net Cedec

I am writing an exception rule. I have the JSON:
{"pageNumber":0,"pageSize":100,"sorts":[{"field":"hex","direction":"ASC"}],"filters":[{"field":&quot… Continue reading Modsecurity parse nested keys in json→

Where can I learn the complete architecture of Modsecurity WAF and how it works in depth ? This is for a research on current WAF technologies [closed]

Posted on August 6, 2024 by whatisLimlee

I am currently working on a security research project on WAF.
To understand the complete working of a WAF, I am planning to get started with Modsecurity WAF; its architecture and how it works to protect web servers. But all I can find is g… Continue reading Where can I learn the complete architecture of Modsecurity WAF and how it works in depth ? This is for a research on current WAF technologies [closed]→

ModSecurity Condition Based Block Mode?

Posted on July 27, 2024 by Mridul Sengupta

I’m playing with ModSecurity and need help. I’m trying to add a condition in the conf file where if there is specific header in the request then the SecRuleEngine should be On else it should be DetectionOnly. I tried the below condition in… Continue reading ModSecurity Condition Based Block Mode?→

OWASP CRS – Is "%00" in request form body is false positive?

Posted on July 22, 2024 by goulashsoup

We have a HTTP POST endpoint for a web form and when sending a request the request has Content-Type: multipart/form-data; boundary=—-WebKitFormBoundaryLOAPHJhA1BQSTatn set.
When the payload contains %00…
——WebKitFormBoundaryLOAPHJh… Continue reading OWASP CRS – Is "%00" in request form body is false positive?→

Modsecurity CRS access denied with response 200?

Posted on July 6, 2024 by navotera

Issue
I have try to inject XSS in an input and the log total of anomaly score is 84 (enough to block the request)
The action return Access denied but why it return 200 code and the action is allowed to be passed to the webserver.
Specifica… Continue reading Modsecurity CRS access denied with response 200?→