Questions tagged [owasp]
3 questions
1
vote
1 answer
OWASP ZAP found Nginx server is vulnerable to 'Proxy Disclosure'. Help fixing this is much appreciated
I performed an OWASP ZAP on my website and it raised a proxy disclosure alert amongst other things.
Proxy Disclosure alert https://www.zaproxy.org/docs/alerts/40025/
OWASP description
1 proxy server(s) were detected or fingerprinted. This…

asap_coder
- 11
- 1
0
votes
1 answer
mod_security with OWASP CRS: Custom rule for whitelisting googlebot
I am about to use OWASP CRS rules with mod_security on my WHM/cPanel enabled CentOS server (with Apache). But I fear that accidentally Googlebot may be blocked by one rule or the other. After enabling OWASP CRS, if I add the below custom rule…

Kannan
- 101
- 2
0
votes
1 answer
Why don't the CRS rules in ModSecurity block all threats?
I'm in the process of configuring the new Nginx v1.18.0 server together with ModSecurity-nginx v1.0.1. I've added OWASP CRS 3.3.0 rules to the configuration. Unfortunately, I can't clearly tell if the rules are working. While reading blogs and…

nsog8sm43x
- 101
- 1