Activity for Chaim Sanders
-
Chaim Sanders posted a comment on discussion Installation and Configuration
These are Comodo's rules, you'll have to reach out to them for support. Thanks! On Tue, May 28, 2019 at 1:49 AM Ehsan Javidi javidi@users.sourceforge.net wrote: Hi There is a strange problem with the site that the mode Security plugin has blocked. The plugin recognizes the site's address as an injection! WAF error: http://oneclickpaste.com/9311/ domian: wordpress@amlakeparand.com Data has the following conditions: 1- has "<" first 2- has "and." somewhere after 1 3- has ">" somewhere after 2 regular...
-
Glad you got it working :) On Sun, Apr 14, 2019, 11:42 AM Escher Penrose penrose@users.sourceforge.net wrote: Great ! It work fine In crs-setup.conf i change SecDefaultAction "phase:1,log,auditlog,pass" SecDefaultAction "phase:2,log,auditlog,pass" by SecDefaultAction "phase:1,logdata:%{request_headers.host},log,auditlog,pass" SecDefaultAction "phase:2,logdata:%{request_headers.host},log,auditlog,pass" And i obtain: [client x.x.x.x] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched...
-
This can be done! You'd want to capture the value of REQUEST_HEADERS:Host and add it to one of the output areas https://github.com/SpiderLabs/ModSecurity/wiki/Reference-Manual-(v2.x)#request_headers. I'd recommend something like "logdata:%{MY_HOST_HEADER}" ( https://github.com/SpiderLabs/ModSecurity/wiki/Reference-Manual-(v2.x)#logdata ). Now the real key here is that since you're using CRS, you'll want to change the action of all those rules to include this logdata. The recommended approach is to...
-
I see what you're going for. Check out the regex the OWASP Core Rule Set twitter (https://twitter.com/CoreRuleSet) just suggested: SecRule ARGS_NAMES|REQUEST_COOKIES_NAMES "@rx ^#|[(?:\'|\")?#.*]" "id:123,phase:2,deny,status:403,t:urldecodeuni,msg:'SA-CORE-2018-002'" On Thu, Mar 29, 2018 at 10:10 AM, Joseph Jozwik jjozwik@users.sourceforge.net wrote: Working on a rule to block traffic based on the starting character of ARGS_NAMES either cookie, get or post Example allow name=Joe Example block name=Joe...
-
This forum isn't supported anymore, please use github or IRC for support.
-
Hey @Daniel Kolar, This form isn't supported anymore. If you have any further questions please reach out on the ModSecurity Github page. Thanks!
-
Please open such issues on github to get assistance https://github.com/SpiderLabs/owasp-modsecurity-crs
-
If you're having an issue please add it to Github, as this form isn't monitored anymore.
-
To receive support please open a git issue.
-
Hey Elle, in the future please use github :). In either event, here you would need...
-
You can use a rule such as SecRule REQUEST_HEADERS:Referer "!@contains ://%{SERVER_NAME}/"...
-
Please use git or the mailing lists in the future for such questions. This is likley...
-
I don't believe we have such functionality currently but it would be very helpful...
1