Stack Overflow
Stack Overflow

Questions tagged [mod-security]

ModSecurity supplies an array of request filtering and other security features to the Apache HTTP Server. ModSecurity is a web application layer firewall.

ModSecurity supplies an array of request filtering and other security features to the Apache HTTP Server. ModSecurity is a web application layer firewall.

As of December 27, 2015 the latest stable release of ModSecurity is version 2.9.0.

Useful links:

476 questions
0
votes
0 answers

Configserver ModSecurity: How to block an ip IF it hits a certain url more than N times?

We have the problem of hackers trying to submit forged payment requests. They return the url /checkout?fail=1 when their attempts fails. Using modsec, How can we block their ip IF they visit that url more than 3 times?
Tim
  • 13
  • 4
0
votes
0 answers

A combination of a specific WordPress plugin + Modsecurity is causing 500 Internal Server Error

I'm using one of the WooCommerce Appointment plugin and it's causing a 500 internal error. It seems the Modsecurity intercepts the http access but I don't know what's wrong in the following log. --a7316b05-A-- [02/Dec/2020:01:37:02 +0800]…
翁啟豪
  • 77
  • 2
  • 10
0
votes
1 answer

Minio uploads through the web interface and API receives "Unauthorized request."

I can successfully upload files to my Minio server using mc command line client (logged in as root): ./mc cp roobina.jpg minio/mag roobina.jpg: 63.50 KiB / 63.50 KiB But when I try to upload a file to a bucket using minio's…
wmac
  • 1,023
  • 1
  • 16
  • 34
0
votes
1 answer

Mod-security paranoia level not taking in K8s implementation

I'm deploying franbuehler/modsecurity-crs-rp (https://hub.docker.com/r/franbuehler/modsecurity-crs-rp) in a kubernetes pod in front of a web app from a manifest yaml file. It's prep for a class on this subject I'll be teaching in a couple weeks. No…
tnunu
  • 15
  • 5
0
votes
1 answer

ModSecurity blocked requests stats

I installed ModSecurity, I would like to get stats out from its usage. The number of blocked requests would be a good starting point. The only solution I was able to imagine is to parse access_log to find 403 http status, is something more clever…
nulll
  • 1,465
  • 1
  • 17
  • 28
0
votes
1 answer

Stop CRS rule from triggering for a given argument

I am an absolute newcomer to OWASP ModSecurity, so please excuse me if this is a simple question! Currently, for an image upload function, I get a bunch of "warnings" like the following: ModSecurity: Warning. Matched "Operator Rx' with parameter…
Galentino
  • 65
  • 7
0
votes
1 answer

Modsecurity not check POST data even SecRequestBodyAccess on is enabled

I have installed modsecurity on Nginx and as well as the owasp rules, i have check SecRequestBodyAccess to on, but when i send a request with a malicious post data, it pass ok with no problem Can anyone help me?
Logan
  • 11
  • 3
0
votes
1 answer

Secrule modsecurity random numbers and adress ip post method

I have an attack on my server, several thousand logs. Please take a look. I am looking for a method that could help me block these queries to my wordpress. I tried to block by IP, but there are others as well. This post query - is still the…
Małgorzata Urbańska
  • 11
  • 4
0
votes
1 answer

Apache site that redirects to https version of site is not applying modsecurity rules

I have an https website with modsecurity. It also has a virtual host that listens to the http port and redirects to the https website, with a simple rule: RewriteEngine On RewriteRule ^(.*)$ https://${server_name}$1 [last,redirect=308] modsecurity…
Rob
  • 781
  • 5
  • 19
0
votes
1 answer

is wordpress safe even if mod security is disabled?

enabling modSecurity is not an option for my site to work properly. I just want to know if disabling ModSecurity is safe for a wordpress site. does wordpress take it's own security measures even if ModSecurity is disabled? if not, what can I do on…
toddash
  • 167
  • 2
  • 17
0
votes
1 answer

Can't disable mod_security rule on apache

If I post data of a form on my website, I keep getting this error in the log file. [Thu Jul 16 09:45:25 2020] [error] [client 85.1.202.234] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\bor\\b…
Umut Savas
  • 113
  • 1
  • 14
0
votes
1 answer

ModSecurity False Positive SQL Injection

So I was able to wrangle several other ModSecurity rules giving false positives for other situations but I'm having issues with this specific ruleset. When customers submit a form with a double quotation the ruleset is activated and an access denied…
user1815581
  • 13
  • 3
0
votes
3 answers

Debugging triggered modsecurity rule hits

TL;DR: How do I debug a hit on the mod-security rules to identify the part of the request triggering the rule?. The situation I have a site runing on an environment with modsecurity and Free OWASP ModSecurity Core Rule Set (CRS) which I actually…
JoSSte
  • 2,953
  • 6
  • 34
  • 54
0
votes
1 answer

Curl ends with "curl: (6) Could not resolve host: HTTP"

I've been following a blog on how to compile modsecurity with nginx, Blog. I tried to verify that everything works with creating the file /etc/nginx/conf.d/echo.conf which contains: server { listen localhost:8085; location / { …
Ulvar
  • 23
  • 1
  • 1
  • 8
0
votes
2 answers

Nginx Module Code error_page directive problems

I am leveraging the ModSecurity WAF to help block tx's deemed dangerous on NGINX: https://github.com/SpiderLabs/ModSecurity https://github.com/SpiderLabs/ModSecurity-nginx My issue can be found…
Jeremy Justus
  • 31
  • 8
1 2 3
31 32