As I know Modsecurity will reach its end of life on July 1st 2024. So I have a question will the company responsible stop their commercial support, o ...
As I know Modsecurity will reach its end of life on July 1st 2024. So I have a question will the company responsible stop their commercial support, o ...
I am using mod-security V3 on a centos machine with Openlitespeed. My php file access.php create cookie: honey_bot_trap with value : 16 character [0- ...
I would like to adapt the administration urls of my wordpress site so that they work with modsecurity rules. Indeed, I use a waf which manages incomin ...
I am trying to install mod security on Ubuntu 20.04 with nginx. when I execute this command: ./configure --with-compat --add-dynamic-module=/usr/local ...
ModSecurity allows us to use different request body processors (e.g. for XML or JSON). My question is, is it possible to first decode a body that hold ...
I want to create a rule that blocks all http requests (get,post,put, literally all of them) and only allow certain ones that I specify. Specifically, ...
I want to add a custom ModSecurity (V3) rule that can block all user agents, and allow me to whitelist certain User Agents from a file. If this is po ...
So it's not that there are no logs, there are actually many violations logged, its just an issue I'm having with a few people; 10s of violations out o ...
I'm configuring a httpd to perform as a reverse proxy which should allow file uploads as well. Average file size is around 20MB. With basic configurat ...
I have my Virtual Machine with Ubuntu 20.04 installed. In it I'm using Apache2 web server as a WAF with ModSecurity 2.9.3 module that uses OWASP rules ...
I was hoping to see if there was an easier, better, more efficient way of doing this. We get legit traffic that has 'xhtml' in the body of the request ...
I have a project (its an old project its actually only used as archive as we moved on from this app) with ResourceSpace, that sometimes needs to be ac ...
I think it's too much detail. I installed it on windows 7 and using apache server. https://i.stack.imgur.com/F55Yp.jpg https://i.stack.imgur.com/V09 ...
Note: Question has been updated: What I am really trying to solve is: Two types of requests: A and B. B shall only be allowed if A has been called ...
I'm lab with modSecurity using nginx, I have a question How can you set default action for actione doesn't match anyrule For example I have set of r ...
This question was migrated from Information Security Stack Exchange because it ...
We are using apache windows web server. When client hits our web URL we have a log in page (this is apache managed) that authenticates the user. We ne ...
We are using apache module for our web server(windows OS). We need to prevent unsuccessful authentication attempt by the user. Hence we thought to use ...
I need to block the ip addresses which access to more than 3 domains at the same time using ModSecurity For example if some ip accessed: Then we bl ...
I need a rule to block all POST requests to wp-login.php, But I need to check if the referer domain is equal to requested domain name We need to check ...