owasp-crs – Page 2 – WindowsTechs.com

Increasing critical_anomaly_score does not block request

Posted on June 21, 2024 by navotera

I am using CRS 4.3.0
I am modify the default crs-setup.conf to increase the anomali_score for critical triggered rules :
"id:900100,\
phase:1,\
pass,\
t:none,\
nolog,\
tag:’OWASP_CRS’,\
ver:’OWASP_CRS/4.3.0… Continue reading Increasing critical_anomaly_score does not block request→

How do I unblock a request uri in Modsecurity CRS?

Posted on June 19, 2024 by Iogui

I have installed a Nginx WAF with Modsecurity CRS. This WAF protects a backend WordPress.
One request from one of the plugins generated a false positive on the Modsecurity with the rule id 933120.
I identified it in the audit log, studied … Continue reading How do I unblock a request uri in Modsecurity CRS?→

Modsecurity only show warning but not blocking?

Posted on June 19, 2024 by navotera

I am using CRS 4.3.0
I try to test is it active :
curl ‘https://example.com/?foo=/etc/passwd&bar=/bin/sh’
curl : The remote server returned an error: (403) Forbidden.

However when using other approach by requesting this url :
curl ‘ht… Continue reading Modsecurity only show warning but not blocking?→

ModSecurity OWASP CRS 3.3.0 false positives on a WordPress site

Posted on June 20, 2021 by skinnedpanda

The following search queries are blocked by ModSecurity and returns a 403 forbidden error:
www.example.com/s=zip+someword &
www.example.com/s=gzip+someword
but not
www.example.com/s=zip & www.example.com/s=gzip
The Apache error_log… Continue reading ModSecurity OWASP CRS 3.3.0 false positives on a WordPress site→

Modsecurity CRS how to deal with field arrays

Posted on February 8, 2021 by Eddie4

I have a question how to deal with whitelisting field arrays in modsecurity. Currently am doing the following:
… ctl:ruleRemoveTargetById=942510;ARGS:_owc_pdc_faq_group[0][pdc_faq_answer]"
… ctl:ruleRemoveTargetById=942510;ARGS:_o… Continue reading Modsecurity CRS how to deal with field arrays→

OWASP CRS Anomaly scoring, ModSecurity WAF

Posted on May 4, 2020 by murad

I’m getting into OWASP CRS with ModSecurity and was investigating the way OWASP calculate the anomaly score in the REQUEST-901-INITIALIZATION.conf they set the following lines:
setvar:’tx.anomaly_score=0′,\
setvar:’tx.anomaly_score_pl1=0′,… Continue reading OWASP CRS Anomaly scoring, ModSecurity WAF→

Mod_security rules-updater.pl fails to pull new release

Posted on March 28, 2012 by Jason Huntley

Mod_security has a rules updater distributed with their release packages on sourceforge:

http://sourceforge.net/projects/mod-security/files/modsecurity-crs/0-CURRENT/

Usually, you can run the script and modsec will update the rules for y… Continue reading Mod_security rules-updater.pl fails to pull new release→