Questions tagged [mod-security]
ModSecurity supplies an array of request filtering and other security features to the Apache HTTP Server. ModSecurity is a web application layer firewall.
mod-security
499
questions
0
votes
1
answer
37
views
How to allow specific Content types in Mod Security?
I am using:
Ubuntu 24.04
Plesk Obsidian 18.0.62
Apache/2.4.59
ModSecurity
Fail2ban
Free ModSecurity Rules from Comodo
I want to add a ModSecurity rule to accept text/x-gwt-rpc content type.
Adding ...
0
votes
2
answers
67
views
ModSecurity + Fail2Ban ban client IP sending post to Servlet
I am using:
Ubuntu 24.04
Plesk Obsidian 18.0.62
Apache/2.4.59
Tomcat/10.1.16
tomcat-connectors-1.2.49
libapache2-mod-jk
ModSecurity
Fail2ban
Free ModSecurity Rules from Comodo
And I have a servlet ...
0
votes
1
answer
35
views
Getting ModSecurity: Access denied with code 403 because the content of a POST contains the word "Filestore"
Web server is throwing an error ModSecurity; Access denied with code 403, [Rule:'ARGS' '@pmFromFile bl_db_domains'] [id '77316744"] [msg "IM360 WAF: Block by unknown DB injecion entry || ...
0
votes
1
answer
62
views
ModSecurity blocks after despite rule exclusions
I try to create a rule allowing any parameter value containing scrip%u0074 (Unicode value of t) to be passed. I create such a rule:
SecRule REQUEST_URI "@contains scrip%u0074" \
"id:...
0
votes
0
answers
50
views
owasp/modsecurity-crs:nginx libmodsecurity3 version 3.0.12 open() "/var/run/nginx.pid" failed (13: Permission denied)
I have been trying to set up owasp/modsecurity-crs:nginx to provide WAF security to my application
The reverse proxy is defined by
# Use the OWASP ModSecurity CRS image with Nginx
FROM owasp/...
0
votes
1
answer
40
views
ModSecurity turn off rules by IP for given URI for Apache server behind load balancer
For a given URI when a post request is executed, the given IP will be whitelisted for given ctl rules, where the server is behind a loadbalancer.
Here's a rule that allows traffic to the server. The ...
0
votes
1
answer
49
views
How to unblock a user-agent on time based logic using ModSecurity
Here's the situation:
If a particular user-agent sends more than 10 requests to the domain within 5 minutes, the rule must apply a response with a code 429. For that specific agent to that specific ...
0
votes
1
answer
57
views
Regex config fail2ban for multiline modsecurity
I'm trying to improve fail2ban configuration for modsecurity in nginx so that regex-expression covers the whole block, is without maxline and finally gives more accurate triggering. Made a regex and ...
0
votes
1
answer
23
views
ModSecurity Mutex Permission Denied
ModSecurity: collection_retrieve_ex: Failed to lock proc mutex: Permission denied [hostname "filip
Please advice how do resolve this issue, all of sites what error on this.
almalinux8
ispmanager
...
0
votes
0
answers
31
views
Issue with Sending Events to InfluxDB via Riemann
I'm facing two issues while attempting to send events to InfluxDB using Riemann:
Warning about Line Protocol: I keep receiving the following warning message:
WARNING: The writes: java.util.stream....
0
votes
1
answer
49
views
Update_user_meta() containing an Url triggers Modsecurity Rule
Since a recent update of wordpress or potentially Woocommerce, i cant save anymore custom fields that includes urls on the "edit-account" page of woocommerce, it triggers a ModSecurity Rule, ...
0
votes
3
answers
174
views
ModSecurity WAF log configuration
I'm using a ModSecurity WAF for my application that is defined within a k8s ingress.
The configuration looks like this:
nginx.ingress.kubernetes.io/enable-owasp-core-rules: "true"
nginx....
0
votes
1
answer
119
views
How to do rate limit for each website using Mod Security Module in Apache?
I have setup Mod Security (v2.9.5) for Apache 2.4.52 version on Ubuntu 22.04.
I want to do 'Rate Limit' for each website using Mod Security Rule, It should ask client to Retry after 'n' time (seconds ...
0
votes
0
answers
48
views
Apache2 Modsecurity configuration file error
I am trying to activate modsecurity by following the official documentation on https://www.linode.com/docs/guides/securing-apache2-with-modsecurity/
Firstly, the file I have is /etc/apache2/sites-...
0
votes
1
answer
35
views
Can we use back-references with Modsecurity 2.9 rsub operator?
I would like to know if we can use back-references with Modsecurity 2.9 rsub operator (Apache).
For example I have these 2 JSON response bodies:
BODY1 "Africa":
{
"error": "...