How to make modsecurity log to audit_log only when the request is returning with 403 status code
I don’t want logs to appear if the inboud_anomaly_score hasn’t exceeded the threshold. How do I do this in modsecurity?
When I send this http request as an urlencoded request modsecurity is blocking the request.
But when I send the request of the Content-Type: application/json the request is not being blocked.
Continue reading ModSecurity is not blocking attacks in sent in raw json data
I’m using OWASP CRS v4.5.0 in my application, when I send the payload to https://sandbox.coreruleset.org
{
"data" : "<script>"
}
it is blocking the request, but when I send it to my application it is not bloc… Continue reading Modsecurity not blocking JSON payload [closed]
I have three custom HTTP headers called X-Username, X-Role and X-Realm. I want to log the content of these headers in the warning logs when some of the rules are matched for an HTTP request.
I have edited one rule to log the header values… Continue reading How to log custom http headers in ModSecurity Warning while using OWASP Core Rule Set
I am testing modsecurity with xss attacks equipped with latest OWASP CRS with only XSS rules enabled. I found base64 decoding is not done and it's one of the reasons for bypasses. However, if I have to add transformation to each rule in xss … Continue reading How to enable base64 decoding globally in modsecurity?
This is the content of my RESPONSE-999-EXCLUSION-RULES-AFTER-CRS.conf
# Set the rules to detection mode (they will log but not block)
SecRuleUpdateActionById 941100 "pass,log"
SecRuleUpdateActionById 941110 "pass,log"
S… Continue reading How to put specific rules in OWASP core ruleset in detection mode?
Why is the PUT method not allowed, and how can I allow PUT methods without changing the REQUEST-901-INITIALIZATION.conf file and the REQUEST-911-METHOD-ENFORCEMENT.conf file?
Continue reading Why is PUT Request not allowed by default in OWASP CoreRuleSet
I am writing an exception rule. I have the JSON:
{"pageNumber":0,"pageSize":100,"sorts":[{"field":"hex","direction":"ASC"}],"filters":[{"field":"… Continue reading Modsecurity parse nested keys in json