Ervin Hegedus
Hi there, I'd like to build a simple remote switch through HTTP. The examples are good points to start. But there is a problem: when I set up the gateway,...
**Describe the bug** In v2, if a SecRule contains a sequence of `\\` (double backslash), the parser interprets it as a single `\` (backslash) character. This is because the reading...
**Describe the bug** If `SecRequestBodyAccess` is `off`, then the engine skips all rules which have a `phase:2` action. **To Reproduce** [Here](https://gist.github.com/airween/f20120d8e419cd72c03ecb2aeb6a54fe) you can find a regression test case. In the...
### Motivation In 2021 on the developer retreat, there was a discussion [about](https://github.com/coreruleset/coreruleset/wiki/DevRetreat21ModSecRecommendedRulesl) recommended rules for ModSecurity. This Wiki page explains four issues about default [modsecurity.conf-recommended](https://github.com/SpiderLabs/ModSecurity/blob/v3/master/modsecurity.conf-recommended) (and of course for...
This PR is just a draft, please do not merge it. The patch contains several exclusions for RoundCube webmail. In case of RoundCube all requests go to URI `/` or...
I have two expressions which run for too long: ``` $ time bin/regexploit Welcome to Regexploit. Enter your regexes: (?i:(?:j|&#x?0*(?:74|4A|106|6A);?)(?:\t|&(?:#x?0*(?:9|13|10|A|D);?|tab;|newline;))*(?:a|&#x?0*(?:65|41|97|61);?)(?:\t|&(?:#x?0*(?:9|13|10|A|D);?|tab;|newline;))*(?:v|&#x?0*(?:86|56|118|76);?)(?:\t|&(?:#x?0*(?:9|13|10|A|D);?|tab;|newline;))*(?:a|&#x?0*(?:65|41|97|61);?)(?:\t|&(?:#x?0*(?:9|13|10|A|D);?|tab;|newline;))*(?:s|&#x?0*(?:83|53|115|73);?)(?:\t|&(?:#x?0*(?:9|13|10|A|D);?|tab;|newline;))*(?:c|&#x?0*(?:67|43|99|63);?)(?:\t|&(?:#x?0*(?:9|13|10|A|D);?|tab;|newline;))*(?:r|&#x?0*(?:82|52|114|72);?)(?:\t|&(?:#x?0*(?:9|13|10|A|D);?|tab;|newline;))*(?:i|&#x?0*(?:73|49|105|69);?)(?:\t|&(?:#x?0*(?:9|13|10|A|D);?|tab;|newline;))*(?:p|&#x?0*(?:80|50|112|70);?)(?:\t|&(?:#x?0*(?:9|13|10|A|D);?|tab;|newline;))*(?:t|&#x?0*(?:84|54|116|74);?)(?:\t|&(?:#x?0*(?:9|13|10|A|D);?|tab;|newline;))*(?::|&(?:#x?0*(?:58|3A);?|colon;)).)(regexp) ^C real 3m34,572s user 3m33,582s sys 0m0,016s ``` as you...
Hi, I ran into a problem with two regular expressions: ``` $ bin/regexploit Welcome to Regexploit. Enter your regexes: (?i)(?:(?:(?:(?:trunc|cre|upd)at|renam)e|d(?:e(?:lete|sc)|rop)|(?:inser|selec)t|alter|load)\s*?\(\s*?space\s*?\(|,.*?[)\da-f\"'`][\"'`](?:[\"'`].*?[\"'`]|(?:\r?\n)?\z|[^\"'`]+)|\Wselect.+\W*?from)(regexp) Error parsing: (?i)(?:(?:(?:(?:trunc|cre|upd)at|renam)e|d(?:e(?:lete|sc)|rop)|(?:inser|selec)t|alter|load)\s*?\(\s*?space\s*?\(|,.*?[)\da-f\"'`][\"'`](?:[\"'`].*?[\"'`]|(?:\r?\n)?\z|[^\"'`]+)|\Wselect.+\W*?from)(regexp) bad escape \z at position 164 No...
With these commits, Apache passes all CRS (3.1) regression tests (with patched libmodsecurity3).
We use BBB and the ITSec team found an issue: They said that if the user downloads the record file, the components (and versions) used are visible and potentially...
We use BBB and the ITSec team found an issue: They said this is not a critical issue (it's a low level classification), but if the back-end runs on...