Nov 30, 2015 · I've just set up Apache modsecurity on a server, and in principle it works well, but I am getting rather a lot of false positives. I'm using the OWASP ModSecurity Core Rule Set (CRS), …

Jun 28, 2023 · Not the first one with ModSecurity: Access denied with code 403 (phase 2).... issues. But the thing is, I have a server, multiple websites, multiple webmail users and nobody is having any …

Jul 14, 2020 · So I was able to wrangle several other ModSecurity rules giving false positives for other situations but I'm having issues with this specific ruleset. When customers submit a form with a …

Oct 17, 2012 · How can we disable mod_security by using .htaccess file on Apache server? I am using WordPress on my personal domain and posting a post which content has some code block and as …

Aug 10, 2023 · 3 I'm using ModSecurity as WAF on my Apache 2 server. Everything works so fine; just when I post bigger JSON data to a special route will the WAF reject my request since the body is too …

Oct 20, 2023 · When I have a look at the Web Application Firewall page it shows the Core Rule Set as "OWASP (free) running on IIS (ModSecurity 2.9)". Some of my clients have been getting a lot of 403 …

Oct 1, 2016 · And I have a servlet on worker1. In Plesk, ModSecurity is set to "On" and uses Free ModSecurity Rules from Comodo. IP Address Banning (Fail2Ban) intrusion detection is "On". When I …

According to the official documentation: The extensibility model of the nginx server does not include dynamically loaded modules, thus ModSecurity must be compiled with the source code of the main …

Jan 24, 2022 · How to configuration Modsecurity logs? Asked 3 years, 11 months ago Modified 3 years, 11 months ago Viewed 4k times

ModSecurity SecRule to exclude an URL from any check Asked 5 years, 9 months ago Modified 5 years, 9 months ago Viewed 4k times