I'm using a ModSecurity WAF for my application that is defined within a k8s ingress. The configuration looks like this: nginx.ingress.kubernetes.io/enable-owasp-core-rules: "true" nginx.ingress.kubernetes.io/enable-modsecurity: "true" nginx.ingress.kubernetes.io/modsecurity-snippet: | SecAuditEngine RelevantOnly SecRuleEngine On SecAuditLogParts AZ SecAuditLog /dev/stdout SecAuditLogFormat JSON SecRequestBodyAccess On SecRequestBodyLimit 104857600…
I am using a docker image from OWASP in my pipeline to scan my web app and produce a HTML report, and I am encountering a problem I've spent the whole day trying to solve. When running the scan job,…
I'm really new to modsecurity and I'm having some issues in understanding the rule editing. I need to return 200 to the requests arriving form a specific endpoint that starts with /myendpoint/ but I still want to deny the endpoint…
I have Ubuntu 18.10 with apache2, libapache2-mod-security2, modsecurity-crs packages with their default configuration except for enabling ModSecurity debug logging and copying modsecurity.conf-recommended and adding SecRuleEngine On. I added a new SecRule to a separate file in /etc/modsecurity/ Content of /etc/modsecurity/sf4-modsec.conf…