mod-security – WindowsTechs.com

How to enable ModSecurity to actually block/deny malicious requests? [migrated]

Posted on April 10, 2024 by Rahul Thakkar

I have setup installed mod security module for apache in ubuntu 22.04, using.
sudo apt-get install libapache2-mod-security2
sudo a2enmod security2
sudo systemctl restart apache2

This installs security module version 2.9.5 with core rule s… Continue reading How to enable ModSecurity to actually block/deny malicious requests? [migrated]→

ModSecurity with OWASP-CRS blocks ERDDAP queries containing ‘(‘ and ‘)’ characters [migrated]

Posted on February 9, 2024 by lorenzo corgnati

I have installed ModSecurity on a XUbuntu 22.04 virtual machine running ERDDAP and ncWMS dockers for data distribution.
I installed ModSecurity via apt install libapache2-mod-security2 and then I enabled it via a2enmod security2.
I then in… Continue reading ModSecurity with OWASP-CRS blocks ERDDAP queries containing ‘(‘ and ‘)’ characters [migrated]→

Modsecurity blocks blocks my legit XHR POST request (403 forbidden)

Posted on January 18, 2024 by Picard

I’m new to modsecurity topic so maybe my question is stupid but…
I have setup modsecurity on my new nginx/1.24.0 server with default set of recommended rules: coreruleset-3.3.0 and since then my POST XHR request is being blocked.
This is… Continue reading Modsecurity blocks blocks my legit XHR POST request (403 forbidden)→

How to make the rules 920600 and 922110 dynamic to have custom charsets (custom regexp) in CRS 4 [duplicate]

Posted on January 15, 2024 by sh91

There is a regexp in the rules 920600 and 922110 that (according to my opinion) accepts only 4 charsets in the Accept header. I need to make it custom, so the regexp must be modified based on my custom charsets.
I understood that in CRS 4,… Continue reading How to make the rules 920600 and 922110 dynamic to have custom charsets (custom regexp) in CRS 4 [duplicate]→

ModSecurity CRS, allow header `accept-charset`

Posted on November 7, 2023 by nulll

I have ModSecurity v2 on apache with CRS v3.
Requests containing header accept-charset are blocked on paranoia level 1, I read this great discussion about the header and that on CRS v4 will be allowed by default.
How can I write an exclusi… Continue reading ModSecurity CRS, allow header `accept-charset`→

ModSecurity CRS, allow header `accept-charset`

Posted on November 7, 2023 by nulll

How do I create a site with secure user data upload on AWS? [closed]

Posted on September 28, 2023 by BigMistake

I want to have users upload data, but need to ensure it stays secure and cannot be mixed up with or touch other users’ data. How do I do this with AWS?

Continue reading How do I create a site with secure user data upload on AWS? [closed]→

What is Method Enforcement. How to simulate this attack?

Posted on May 30, 2023 by Mamta Singh

I need to know what is "method enforcement" inside WAF Preconfigured ModSecurity rules.
How to test this attack on magento website? What is security best practice to prevent this?

Continue reading What is Method Enforcement. How to simulate this attack?→

Modsecurity Nginx breaks WordPress’s Woocommerce checkout page. Need help finding working rule exclusions [migrated]

Posted on May 24, 2023 by DanRan

I am running an Ubuntu 20.04 based LEMP server on a Raspberry Pi 4.
I am working on a Wordpress Woocommerce website at https://www.mcmo.is. Currently on iOS using Safari or Google Chrome, I can’t get past the websites Woocommerce checkout … Continue reading Modsecurity Nginx breaks WordPress’s Woocommerce checkout page. Need help finding working rule exclusions [migrated]→

ModSecurity: How to disable error logging for single rule?

Posted on May 5, 2023 by Felix

Here is my configurations:
SecDefaultAction "phase:1,log,deny,status:403"
SecDefaultAction "phase:2,log,deny,status:403"

SecRule REQUEST_URI "@pm logging_test" \
"id:100,\
phase:1,\
pass,nolo… Continue reading ModSecurity: How to disable error logging for single rule?→