owasp

  1. OWASP ModSecurity Core Rule Set v3

    Shouldn't the OWASP vendor config file have the version added to the name, or even another field to display the version, so that if you have v2 and v3 installed you can differentiate between the two? If you look at the following files you will see they both have the exact same name v2...
  2. List of problematic OWASP ModSec rules?

    We've been using GotRoot's mod_sec rules up until the last few server builds without a single issue; we then switched over to using cPanel's OWASP ruleset. Since then, we've had a lot of complaints about false positives. Is anyone using this ruleset in production? Anyone have a list of...
  3. SOLVED OWASP CRS release date?

    Hi guys, Quick question regarding this feature request - Update ModSecurity Vendor OWASP to OWASP ModSecurity Core Rule Set (CRS) 3 It looks like it isn't released yet but my error_log suggests I'm running CRS3. Was it released already? Or am I mistaken? (partial copy/paste) [msg "Request...
  4. SOLVED ModSecurity (OWASP CRS) cookie not "whitelisting"

    Hi guys, I've been a bit back and forth trying to "whitelist" a Magento2 Cookie which triggers Rule 981243 in OWASP CRS for apparent SQLi injection probing. When attempting to add SecRuleUpdateTargetById 981243 !REQUEST_COOKIES:section_data_ids into ModSecurity Tools > Rules List > Add Rule...
  5. modsec errors

    Hello, I have these errors in my modsec log file. Are they normal or should I worry? [Tue Aug 09 12:23:46.751981 2016] [:error] [pid 25520:tid 140358038025984] [client 180.76.15.12] ModSecurity: Warning. Match of "pm AppleWebKit Android" against "REQUEST_HEADERS:User-Agent" required...