How to enable ModSecurity to actually block/deny malicious requests? [migrated]

I have installed the ModSecurity module for Apache on Ubuntu 22.04, using:
sudo apt-get install libapache2-mod-security2
sudo a2enmod security2
sudo systemctl restart apache2

This installs security module version 2.9.5 with core rule s…

ModSecurity with OWASP-CRS blocks ERDDAP queries containing ‘(‘ and ‘)’ characters [migrated]

I have installed ModSecurity on a XUbuntu 22.04 virtual machine running ERDDAP and ncWMS dockers for data distribution.
I installed ModSecurity via apt install libapache2-mod-security2 and then I enabled it via a2enmod security2.
I then in…

How to make the rules 920600 and 922110 dynamic to have custom charsets (custom regexp) in CRS 4 [duplicate]

There is a regexp in the rules 920600 and 922110 that (according to my opinion) accepts only 4 charsets in the Accept header. I need to make it custom, so the regexp must be modified based on my custom charsets.
I understood that in CRS 4,…

ModSecurity Nginx breaks WordPress’s WooCommerce checkout page. Need help finding working rule exclusions [migrated]

I am running an Ubuntu 20.04 based LEMP server on a Raspberry Pi 4.
I am working on a WordPress WooCommerce website at https://www.mcmo.is. Currently on iOS using Safari or Google Chrome, I can’t get past the website’s WooCommerce checkout …