Stack Overflow
Stack Overflow

Questions tagged [mod-security]

ModSecurity supplies an array of request filtering and other security features to the Apache HTTP Server. ModSecurity is a web application layer firewall.

ModSecurity supplies an array of request filtering and other security features to the Apache HTTP Server. ModSecurity is a web application layer firewall.

As of December 27, 2015 the latest stable release of ModSecurity is version 2.9.0.

Useful links:

476 questions
0
votes
1 answer

modsecurity + OWASP rules for Rancher 2 load balancer

I've already set "nginx.ingress.kubernetes.io/enable-modsecurity" to true in the load balancer annotations, but it doesn't seem to work. Is there any additional config required for the load balancer? Can the OWASP ruleset be loaded? Rancher version…
Fernando Neto
  • 43
  • 1
  • 4
0
votes
1 answer

Nginx with Mod Security 3. white list by IP fails

I have installed Mod Security 3 on my Nginx server. Up to date and seeing multiple pages on how to put an IP on the white list, I find that all docs talk to me about doing something, and that causes me a configuration error in nginx. whitelist.conf…
abkrim
  • 3,512
  • 7
  • 43
  • 69
0
votes
1 answer

ModSecurity - Is there a way to configure DetectionOnly per Rule

Using Mod-Security I would like to have my production system blocking requests (SecRuleEngine On), but for some of the rules (perhaps provided with an update of the RuleSet) I would like to get notified. This should help me to identify False-Postive…
Christoph Wiechmann
  • 19
  • 5
0
votes
0 answers

Apache proxy modsecurity blocking Maven deploy operation

I'm having a hard time trying to use a Nexus artifact manager for Maven, sitting behind a reverse proxy, which is based on Apache and the ModSecurity module. The problem is many artifacts have big files to upload (eg, .jar, .zip spawned by the…
zakmck
  • 2,715
  • 1
  • 37
  • 53
0
votes
1 answer

Why NGINX with OWASP-CRS do not log alerts properly?

I have problem with logging alerts from OWASP-CRS. For example, I make request: https://host?exec=bin/bash Mod security blocked this request properly, but in error logs i have just one alert: 2020/02/04 16:51:34 [error] x#x: *x [client xxxx]…
Chivolta
  • 11
  • 3
0
votes
2 answers

ModSecurity and GeoIP geoLookup rule not doing anything

I'm trying to get the following rule to work but it seems to be doing nothing: # Test IP address and block by country code SecGeoLookupDb /usr/share/GeoIP/GeoIP.dat SecRule REMOTE_ADDR "@geoLookup" "chain,id:20,drop,msg:'Block China IP…
Chris Leather
  • 45
  • 11
0
votes
0 answers

Mod_security - help needed

I need help configuring mod_security. I installed the component in joomla CMS. One function does not work. I think it's the fault of configuring mod_security. However, I can't handle the configuration. Can anyone suggest me how to configure…
igorioo
  • 11
  • 3
0
votes
1 answer

Add Custom User Agents to Modsecurity OWASP Rule in Plesk

I always make requests with an .NET Application to my Server and this is all working fine as long as I define a "normal" user agent like: "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:70.0) Gecko/20100101 Firefox/70.0" but if I define my own like…
user12273309
0
votes
1 answer

modsecurity: Is turning off the rule engine really necessary when implementing a whitelisting rule?

Virtually all SecRule examples for modsecurity whitelisting I found on the web include turning off the rule engine, example: phase:1,nolog,allow,ctl:ruleEngine=Off,id:23023 However, as far as I got it from the documentation, "nolog" combined with…
Dante77
  • 3
  • 2
0
votes
1 answer

Passing / and -- in url it's showing 403 Forbidden Error

When we request to google or any 3rd party API, in this return url we getting this type of code. ?code=4/rAERtRkfXf-- The server doesn't accept this type code and it's showing 403 forbidden Error. When I am talking with server support they told me…
Rockers Technology
  • 477
  • 4
  • 12
0
votes
1 answer

Why Modsecurity does not deny SQL injection on JSON payload

I have an web application running behind an apache/modsecurity firewall configured with OWASP CRS. The following URL is deny by Modsecurity: GET /login?username=' /*!or*/1=1# But this one pass the firewall: POST /login Body: {"password":"'…
Nico
  • 171
  • 1
  • 7
0
votes
1 answer

Payment gateway blocked by mod_security when trying to request Woocommerce endpoint

my payment gateway is blocked by mod_security when trying to access Woocommerce endpoint. receiving 403 permission denied when trying to access the "/wc-api/my_gateway_payment_callback" endpoint. im on an Litespeed shared host. when disabling the…
buzibuzi
  • 724
  • 3
  • 15
  • 27
0
votes
1 answer

Can't access URL link on Apache in CentOS7

I have a system using PHP, httpd (Apache 2) and mod_security on CentOS 7.0. This application is not programmed by me, I only operate and maintain. I have a problem that some PC in my office cannot access the web application URL. Here is URL: This is…
ThanhLam112358
  • 878
  • 1
  • 20
  • 51
0
votes
1 answer

What causes mod_security 406 Not Acceptable when POSTing data?

I have an article on my website with the (markdown) content: # PHP Proper Class Name Class names in PHP are case insensitve. If you have a class declaration like: ```php class MyWeirdClass {} ``` you can instantiate it with `new myWEIRDclaSS()` or…
Reed
  • 14,703
  • 8
  • 66
  • 110
0
votes
1 answer

ModSecurity: Warning. Pattern match "^POST$" at REQUEST_METHOD

My websites are getting a serious downtime, and my users are complaining a lot. I keep getting the following error from the hosted server in log. [Tue Jun 11 00:53:31.161600 2019] [:error] [pid 110055:tid 140662619748096] [client IP] ModSecurity:…
Sarabjit
  • 129
  • 3
  • 13
1 2 3
31 32