Collaborate Disseminate
I have these rules :
SecRule REQUEST_URI "@rx ^/(.*)$" \
"id:94000001,phase:1,t:none,nolog,pass,\
ctl:ruleRemoveById=933120,\
ctl:ruleRemoveById=933150,\
ctl:ruleRemoveById=920210,\
ctl:ruleRemoveById=931… Continue reading Cannot allow 920600 in crs
I am using CRS 4.3.0
I am modify the default crs-setup.conf to increase the anomali_score for critical triggered rules :
"id:900100,\
phase:1,\
pass,\
t:none,\
nolog,\
tag:’OWASP_CRS’,\
ver:’OWASP_CRS/4.3.0… Continue reading Increasing critical_anomaly_score does not block request
I have installed a Nginx WAF with Modsecurity CRS. This WAF protects a backend WordPress.
One request from one of the plugins generated a false positive on the Modsecurity with the rule id 933120.
I identified it in the audit log, studied … Continue reading How do I unblock a request uri in Modsecurity CRS?
I am using CRS 4.3.0
I try to test is it active :
curl ‘https://example.com/?foo=/etc/passwd&bar=/bin/sh’
curl : The remote server returned an error: (403) Forbidden.
However when using other approach by requesting this url :
curl ‘ht… Continue reading Modsecurity only show warning but not blocking?
I want to integrate ModSecurity into the WAF to ensure I’m protected with OWASP Top 10 security mitigations. I’d appreciate your guidance if there are any specific configurations you recommend for enhanced security.
Continue reading How to include the coreruleset rules in OPNsense firewall WAF (Nginx)
I tried to find a way to limit requests per minute (or other time) using mod security rule in apache, but didn’t get success from anywhere.
I think it needs more expertise to write such complex rules in mod security.
Our need is to setup r… Continue reading How to set requests rate limit using Mod Security Rule?
I have setup installed mod security module for apache in ubuntu 22.04, using.
sudo apt-get install libapache2-mod-security2
sudo a2enmod security2
sudo systemctl restart apache2
This installs security module version 2.9.5 with core rule s… Continue reading How to enable ModSecurity to actually block/deny malicious requests? [migrated]
I have installed ModSecurity on a XUbuntu 22.04 virtual machine running ERDDAP and ncWMS dockers for data distribution.
I installed ModSecurity via apt install libapache2-mod-security2 and then I enabled it via a2enmod security2.
I then in… Continue reading ModSecurity with OWASP-CRS blocks ERDDAP queries containing ‘(‘ and ‘)’ characters [migrated]
I’m new to modsecurity topic so maybe my question is stupid but…
I have setup modsecurity on my new nginx/1.24.0 server with default set of recommended rules: coreruleset-3.3.0 and since then my POST XHR request is being blocked.
This is… Continue reading Modsecurity blocks blocks my legit XHR POST request (403 forbidden)
There is a regexp in the rules 920600 and 922110 that (according to my opinion) accepts only 4 charsets in the Accept header. I need to make it custom, so the regexp must be modified based on my custom charsets.
I understood that in CRS 4,… Continue reading How to make the rules 920600 and 922110 dynamic to have custom charsets (custom regexp) in CRS 4 [duplicate]