Collaborate Disseminate
OWASP Core Rule Set has many versions the latest is version 4.0 (release candidate), but I cannot find any indication about compatibility among various modsecurity releases.
Could these be used with any modsecurity version, or is there som… Continue reading Compatibility of ModSecurity Core Rule Set 4
mod security is a waf that protects web applications as well as sql injection attacks. This guy mentions that he can bypass the mod security with specific behavior,
I wonder which two tampers of sqlmap this guy uses, one is urlencode, and … Continue reading sqlmap tampers for the specific waf tutorial
mod security is a waf that protects web applications as well as sql injection attacks. This guy mentions that he can bypass the mod security with specific behavior,
So this is the payload from the link,
-1+union(select+1)+ — +
First he ur… Continue reading sqlmap tampers for the specific waf tutorial [closed]
After updating to CRS 3.3.4, I want to update the regular expression of the rules 920600, 921421, 921422 and 922110. but the command util/regexp-assemble/regexp-assemble.py update 920600 does not work. In other words, regexp-assemble.py do… Continue reading Updating regular expressions for the rules 920600, 921421, 921422 and 922110 in CRS 3.3.4
I previously asked about this problem. By firing the rule 912140, although it has a nolog action, audit logs are created with no message. How can I solve it?
a created audit log:
{"transaction":{"client_ip":"192.16… Continue reading the rule 912140 causes audit logs with no message [closed]
I received this error in my ModSecurity logs:
ModSecurity: Warning. Matched "Operator `Eq’ with parameter `0′ against variable `REQBODY_ERROR’ (Value: `1′ ) [file "/etc/nginx/modsec/modsecurity.conf"] [line "75"] [… Continue reading ModSecurity: How to increase SecRequestBodyLimit for specific website REQUEST_URI?
My modsecurity log produces lines like this in section H:
Stopwatch: 1672766910416996 75370993 (- – -)
Stopwatch2: 1672766910416996 75370993; combined=8155, p1=1356, p2=5617, p3=149, p4=895, p5=137, sr=157, sw=1, l=0, gc=0
167276691041699… Continue reading How do I interpret the "stopwatch" lines in modsecurity logs?
I have observed that in modsecurity version 3.0.8 ,when the rules 981045, 912140 and 217140 are fired, a large number of audit logs are recorded without messages. How can I resolve it?
an example of one of the audit logs is as follows:
{&q… Continue reading a lot of audit logs with no message for the rules 981045, 912140 and 217140 [closed]
I have a false positive involving the content of one of my cookies:
ModSecurity: Warning. Matched "Operator `PmFromFile’ with parameter `lfi-os-files.data’ against variable `REQUEST_COOKIES:xid’ (Value: `ab92d4a54edee30a194329d6bfcf1e… Continue reading ModSecurity: How to whitelist specific cookie name?
I am trying to install modsecurity in nginx 1.18.0 in ubuntu jammy 22.04.1 for a project by following hackersploit’s tutorial:
https://www.linode.com/docs/guides/securing-nginx-with-modsecurity/
When building the modsecurity module for ngi… Continue reading Nginx 1.18.0. ModSecurity WAF installation ./configure error [migrated]