Felipe Zimmerle
Felipe Zimmerle
As listed at #715 the Sanitize actions are not yet working on v3. https://github.com/SpiderLabs/ModSecurity/wiki/Reference-Manual-%28v2.x%29#sanitiseArg
Should be very interesting to have such functionality. One utility will be to deal with JSON values in cookies... Further information: https://github.com/SpiderLabs/owasp-modsecurity-crs/issues/46
PCRE is one of the most popular regex libraries available out there. It is heavily used in ModSecurity although it may be optional on 3.1 where Hyperscan and RE2 are...
Thank you for putting all those resources together. Amazing! Do you guys happen to know any good framework or practical implementation for multi-party fair exchange? thank you.
The Apache configuration directives are available in v2 here: https://github.com/SpiderLabs/ModSecurity/blob/v2/master/apache2/apache2_config.c#L3180-L3923 This functionality have to be mimic-ed into something related on version 3. In case of an error, the error message...
At the module startup we should have a banner to tell the version and everything else that may help during issue reporting process.
Performance is a key element, specially in large deployments. We don't want the user to disappointed by the bad performance results after an upgrade. Notice however that the expectancy of...
In the past during the transition from ModSecurity 1 to ModSecurity 2, it was chosen to rename the module as mod_security2.so. Naturally the version 3 will be called mod_security3 and...
Use the Log Parser utility to make sure that results aren't different from version 2 to version 3. Use the OWASP version 3. The log parser utility is available here:...
Currently implementation is not looking into all phases that we current support on libModSecurity. It it mandatory to have it working on all the phases.