Nov 30, 2015 · I've just set up Apache modsecurity on a server, and in principle it works well, but I am getting rather a lot of false positives. I'm using the OWASP ModSecurity Core Rule Set (CRS), …

Jun 28, 2023 · Not the first one with ModSecurity: Access denied with code 403 (phase 2).... issues. But the thing is, I have a server, multiple websites, multiple webmail users and nobody is having any …

Jul 14, 2020 · So I was able to wrangle several other ModSecurity rules giving false positives for other situations but I'm having issues with this specific ruleset. When customers submit a form with a …

Oct 17, 2012 · How can we disable mod_security by using .htaccess file on Apache server? I am using WordPress on my personal domain and posting a post which content has some code block and as …

The fact you have a ModSecurity alert means that you can't have empty activated_rules folder or you are including the rules in some other way. There are known problems with ModSecurity for this error …

Aug 10, 2023 · 3 I'm using ModSecurity as WAF on my Apache 2 server. Everything works so fine; just when I post bigger JSON data to a special route will the WAF reject my request since the body is too …

Sep 6, 2024 · Ingress NGINX Modsecurity allowed_request_content_type is not recognized Asked 1 year, 3 months ago Modified 1 year, 3 months ago Viewed 345 times

Apr 13, 2022 · The Project involves the testing of the WAF against malcious attacks, and it works fine for mosts of the attacks, ModSecurity detects and blocks SQL Injection, XSS , FLI, RFI, and so on, but …

Mar 7, 2024 · I am using mod_security 2.9.3, together with the Core Rule Set version 3.2.3, both as packaged for Debian 10 ('buster' – yes, I know this is reaching the end of support), and I'm getting …

The default values for the PCRE Match limit are very, very low with ModSecurity. You can got to 500K usually without harming your set. But for your information: The PCRE Match limit is meant to reduce …