Questions tagged [mod-security]

ModSecurity supplies an array of request filtering and other security features to the Apache HTTP Server. ModSecurity is a web application layer firewall.

As of December 27, 2015 the latest stable release of ModSecurity is version 2.9.0.

476 questions
0 votes, 1 answer

XSS vulnerability stuck

I am trying to learn about the XSS vulnerability and was testing some payloads in my website (with Mod_Security), but now I'm stuck and I don't know if it was a real vulnerability or a false positive, so follow the…
mirasx
0 votes, 1 answer

modsecurity owasp 941130 - ignore xhtml in request

I was hoping to see if there was an easier, better, more efficient way of doing this. We get legit traffic that has 'xhtml' in the body of the request. The OWASP 941130 regex matches xhtml and blocks it. Relevant part of rule: SecRule…
jmallett
0 votes, 1 answer

Issue with ResourceSpace app and mod_security

I have a project (it's an old project; it's actually only used as an archive, as we moved on from this app) with ResourceSpace, that sometimes needs to be accessed to download some images. We have this issue now where users are unable to download as we're…
Ricardo Mendes
0 votes, 1 answer

How to configure ModSecurity logs?

I think it's too much detail. I installed it on Windows 7 and am using Apache…
bunny
0 votes, 1 answer

Apache mod_security blocking rewrite http to https (and www to non-www)

httpd-vhosts.conf ServerName example.com ServerAlias www.example.com DocumentRoot "c:/wamp64/www/mysite" Alias /.well-known c:/wamp64/www/mysite/.well-known RewriteEngine On RewriteRule ^ https://example.com…
impimp
0 votes, 1 answer

mod_security(2.x): How to match on an undefined mod-sec variable?

Note: Question has been updated: What I am really trying to solve is: Two types of requests: A and B. B shall only be allowed if A has been called within the last 5 minutes (from the same IP address). My idea for trying to solve this is by having one…
Erik Melkersson
0 votes, 1 answer

Plain English firing Modsecurity/WAF/CRS rules

What do you do about common English text firing off the CRS rules? e.g. look at the phrases here, they all fire off a CRS alert. They are examples of reasonable text that a user could enter, and clearly I can just switch off the rules, but then the…
tony
0 votes, 1 answer

Block part of a request using WAF or ModSecurity

Is it possible to block just part of a request using ModSecurity, Azure WAF or similar? For example, could you block a cookie because it contains invalid characters while allowing the rest through? I'm trying to trace an issue where sometimes a cookie…
tony
0 votes, 1 answer

Apache mod_secure, disable rule for cookie containing "1---"

I am using Apache 2.4.29 and just updated to the latest OWASP rules. When a cookie named usprivacy containing 1--- is present, the mod_security module returns a 403 error. I suspect it's one of the SQL injection attack rules, but so far I have not been…
marcos
0 votes, 1 answer

Modsecurity OWASP Core Rule Set - base64 false positive rule 941170

We use ModSecurity 3.X for NGINX with the OWASP core rule set. We have a problem with images in base64 and the rule 941170. The pattern of the rule is SecRule…
cplaiuu
0 votes, 1 answer

OWASP coreruleset warning "invalid http request line" triggered by CONNECT method

Summary: I have set up a basic WAF with mod-security and the OWASP coreruleset 3.3.2. When using the WAF I see lots of warnings in modsec_audit.log regarding the CONNECT method, which trigger CRS rule 920100: Message: Warning. Match of…
0 votes, 1 answer

OWASP CRS ModSecurity false positive - rule 942150 "@contains"

Can someone help with the below, SecRule REQUEST_FILENAME "@streq template.html" \ "id:9999001,\ phase:1,\ pass,\ t:none,\ nolog,\ chain" SecRule REQUEST_METHOD "@streq GET" \ "chain" SecRule ARGS:q…
0 votes, 1 answer

ModSecurity 3.0 doesn't block POST requests

ModSecurity 3 doesn't seem to be blocking anything sent through post (like forms). Logs say: ModSecurity: Access denied with code 200 (phase 2). detected XSS using libinjection.…
Dosyk
0 votes, 1 answer

modsecurity whitelist directory

For me to whitelist a directory, is this how I should do it? SecRuleEngine Off . Edit: /usr/local/apache/conf/userdata/xxxxx/xxx.site.com/modsec.conf
Tiago
0 votes, 1 answer

NGINX filter requests to lan IP

I have received several requests via NGINX that appear to be to my LAN IP 192.168.0.1 as follows: nginx.vhost.access.log: 192.227.134.73 - - [29/Jul/2021:10:33:47 +0000] "POST /GponForm/diag_Form?style/ HTTP/1.1" 400 154 "-" "curl/7.3.2" and…
Radial