Collaborate Disseminate
I previously asked about this problem. By firing the rule 912140, although it has a nolog action, audit logs are created with no message. How can I solve it?
a created audit log:
{"transaction":{"client_ip":"192.16… Continue reading the rule 912140 causes audit logs with no message [closed]
I received this error in my ModSecurity logs:
ModSecurity: Warning. Matched "Operator `Eq’ with parameter `0′ against variable `REQBODY_ERROR’ (Value: `1′ ) [file "/etc/nginx/modsec/modsecurity.conf"] [line "75"] [… Continue reading ModSecurity: How to increase SecRequestBodyLimit for specific website REQUEST_URI?
My modsecurity log produces lines like this in section H:
Stopwatch: 1672766910416996 75370993 (- – -)
Stopwatch2: 1672766910416996 75370993; combined=8155, p1=1356, p2=5617, p3=149, p4=895, p5=137, sr=157, sw=1, l=0, gc=0
167276691041699… Continue reading How do I interpret the "stopwatch" lines in modsecurity logs?
I have observed that in modsecurity version 3.0.8 ,when the rules 981045, 912140 and 217140 are fired, a large number of audit logs are recorded without messages. How can I resolve it?
an example of one of the audit logs is as follows:
{&q… Continue reading a lot of audit logs with no message for the rules 981045, 912140 and 217140 [closed]
I have a false positive involving the content of one of my cookies:
ModSecurity: Warning. Matched "Operator `PmFromFile’ with parameter `lfi-os-files.data’ against variable `REQUEST_COOKIES:xid’ (Value: `ab92d4a54edee30a194329d6bfcf1e… Continue reading ModSecurity: How to whitelist specific cookie name?
I am trying to install modsecurity in nginx 1.18.0 in ubuntu jammy 22.04.1 for a project by following hackersploit’s tutorial:
https://www.linode.com/docs/guides/securing-nginx-with-modsecurity/
When building the modsecurity module for ngi… Continue reading Nginx 1.18.0. ModSecurity WAF installation ./configure error [migrated]
I have a specific URL that keeps getting checked by weird bots, and that keeps triggering ModSecurity rules that fill up my logs. I would like to disable logging for that one specific URL to make it easier to review my logs, but continue b… Continue reading ModSecurity: How to disable logging for specific REQUEST_URI?
I have a server with 100 domain names. On each domain name, I have a unique list of pages/directories that I would like to whitelist (put ModSecurity into DetectionOnly mode temporarily). Basically, how would I write the rule for something… Continue reading ModSecurity: How to write exclusion rules for list of REQUEST_URIs on separate domain names?
ModSecurity 3.0.8
ModSecurity-Nginx 1.0.3
CRS 4.0.0-rc1
I have a marketplace where sellers can list anything for sale. On the "item description" section, we allow users to copy and paste their HTML formatting, like eBay does. We… Continue reading ModSecurity / CRS: Need custom rule to deal with false positive (user-inserted HTML formatted listings)
I have problem when implementing modsecurity and crs. Here is the issue, I hope anyone can give us some guide for resolving this issue.
Apache version :
Server version: Apache/2.4.29 (Ubuntu) Server built:
2022-06-23T12:51:37
ModSecurity… Continue reading Execution error – PCRE limits exceeded