Matteo Pace
Using emscripten (`emconfigure` and `emmake`) I am working on compiling the library libmodsecurity for WebAssembly. [Referring to this issue](https://github.com/emscripten-core/emscripten/issues/14221) and [this solution](https://github.com/emscripten-core/emscripten/issues/14221#issuecomment-844733534), the main problem that I'm facing is that...
# Context `@pm` currently implicitly relies only on the ` ` (space) as the separator. For any more complex scenario it has been suggested to rely on `rx` (less performant) or...
Context --- Several basic elements from the `modsecurity.conf` file (e.g. rules `200002`, `200003`, `200004`) are leading to a `RuntimeError` anticipated by a `stoi: no conversion error`. As far as I...
## Description Hi there, I'm facing a strange behaviour related to comments with a backtick that leads to not correctly detecting a SecMarker. I initially faced it running the CRS...
`REQUEST_URI` variable content goes automatically through a URL decoding transformation process: https://github.com/SpiderLabs/ModSecurity/blob/5b094c0ce9044044f740e135df2a60c5f0858d4d/src/transaction.cc#L466 Internally the transformation is based on the `HEX2DEC` array mapping. https://github.com/SpiderLabs/ModSecurity/blob/5b094c0ce9044044f740e135df2a60c5f0858d4d/src/utils/string.h#L34-L55 `HEX2DEC` array returns `(char)-1` when the conversion...
First report: https://github.com/coreruleset/coreruleset/issues/3266 (reporter: @leveryd) ### Describe the bug Rules with the `rx` operator matching the "start of line" metacharacter (`^`) behave differently based on the WAF engine. It depends...
## Summary `SecRuleUpdateActionByID` is currently not implemented and a user requested it [here](https://owasp.slack.com/archives/C02BXH135AT/p1700062184264039) (Coraza Slack channel). ### Basic example ``` SecRuleUpdateActionById 901450 "nolog" ``` ### Motivation `SecRuleUpdateActionByID` can be handy...
This PR evaluates the needed changes to align Coraza to Modsec v2 behavior rather than Modsec v3 in terms of default modifiers when compiling regexes. This necessity has been raised...
Currently, it is not mandatory to specify the `phase` of a rule. Creating the rule, [phase 2](https://github.com/corazawaf/coraza/blob/v3/dev/internal/corazawaf/rule.go#L518) is implicitly assigned. Reading @airween [comment](https://stackoverflow.com/questions/67316471/default-phase-in-modsecurity-rules), it seems to be aligned with ModSec...
Our `coraza.conf-recommended` file is including the following line: ``` SecRequestBodyNoFilesLimit 131072 ``` As far as I can see, we are actually [just reading the parameter](https://github.com/corazawaf/coraza/blob/4b1b82d97ce850c72cb12429f6610530242d2cdc/internal/seclang/directives.go#L893-L901), but we do not enforce...