owasp-crs – WindowsTechs.com

How to log custom http headers in ModSecurity Warning while using OWASP Core Rule Set

Posted on November 3, 2024 by Roshan John

I have three custom HTTP headers called X-Username, X-Role and X-Realm, I want to log the content of this header in the warning logs when some of the the rules are matched for a HTTP request.
I have edited one rule to log the header values… Continue reading How to log custom http headers in ModSecurity Warning while using OWASP Core Rule Set→

How to enable base64 decoding globally in modsecurity?

Posted on October 24, 2024 by whatisLimlee

I am testing modsecurity with xss attacks equipped with latest OWASP CRS with only XSS rules enabled . I found base64decoding is not done and its one of the reason for bypasses . however,If I have to add transformation to each rule in xss … Continue reading How to enable base64 decoding globally in modsecurity?→

How to put specific rules in OWASP core ruleset in detection mode?

Posted on October 1, 2024 by Roshan John

This is the content of my RESPONSE-999-EXCLUSION-RULES-AFTER-CRS.conf
# Set the rules to detection mode (they will log but not block)
SecRuleUpdateActionById 941100 "pass,log"
SecRuleUpdateActionById 941110 "pass,log"
S… Continue reading How to put specific rules in OWASP core ruleset in detection mode?→

How to put specific rules in OWASP core ruleset in detection mode?

Posted on October 1, 2024 by Roshan John

Why is PUT Request not allowed by default in OWASP CoreRuleSet

Posted on August 29, 2024 by Roshan John

Why is PUT method not allowed and how can I allow PUT methods without changing REQUEST-901-INITIALIZATION.conf file and REQUEST-911-METHOD-ENFORCEMENT.conf file.

Continue reading Why is PUT Request not allowed by default in OWASP CoreRuleSet→

Modsecurity parse nested keys in json

Posted on August 19, 2024 by Net Cedec

I am writing an exception rule. I have the JSON:
{"pageNumber":0,"pageSize":100,"sorts":[{"field":"hex","direction":"ASC"}],"filters":[{"field":&quot… Continue reading Modsecurity parse nested keys in json→

OWASP CRS – Is "%00" in request form body is false positive?

Posted on July 22, 2024 by goulashsoup

We have a HTTP POST endpoint for a web form and when sending a request the request has Content-Type: multipart/form-data; boundary=—-WebKitFormBoundaryLOAPHJhA1BQSTatn set.
When the payload contains %00…
——WebKitFormBoundaryLOAPHJh… Continue reading OWASP CRS – Is "%00" in request form body is false positive?→

Modsecurity CRS access denied with response 200?

Posted on July 6, 2024 by navotera

Issue
I have try to inject XSS in an input and the log total of anomaly score is 84 (enough to block the request)
The action return Access denied but why it return 200 code and the action is allowed to be passed to the webserver.
Specifica… Continue reading Modsecurity CRS access denied with response 200?→

Why Owasp-crs does not allow Content-Type: application/x-www-form-urlencoded

Posted on June 29, 2024 by navotera

I try to craft a http post using this curl :
curl -v -X POST "http://example.com/submit.php" -H "Content-Type: application/x-www-form-urlencoded;" –data "email=test@example.com"

Unluckyly, it is got block by… Continue reading Why Owasp-crs does not allow Content-Type: application/x-www-form-urlencoded→

Cannot allow 920600 in crs

Posted on June 28, 2024 by navotera

I have these rules :
SecRule REQUEST_URI "@rx ^/(.*)$" \
"id:94000001,phase:1,t:none,nolog,pass,\
ctl:ruleRemoveById=933120,\
ctl:ruleRemoveById=933150,\
ctl:ruleRemoveById=920210,\
ctl:ruleRemoveById=931… Continue reading Cannot allow 920600 in crs→