I have two Apache VirtualHost allowing access to lists of files. The first directory or server is accessible without authentication. On the other hand, the second has the native Apache authentication mode called mod_authn_dbd.
I configured the ModSecurity module as a WAF to add protection against XSS attacks, injections, etc.
When I do the basic tests, which should work by default, with attacks of the type:
curl 'hxxp://yourdomain.com/test.html?a=alert(1);'
It works for the server without authentication but not for the other. On the server with authentication, if I authenticate myself and I request the above request again, the alert is raised!
So there's something I don't understand, it's as if the way the data/requests were analyzed with the authentication mode makes it not compatible with ModSecurity
