Comments (3)
Yes. We expected to see false positives with this flag. However, this is necessary since we had cases where people try to attack Apps by sending SQLi data inside the filename=.
We cannot remove this check because the multipart code is not checked by the RuleEngine. This is how mod_security was designed.
You could try adding some exceptions to work around this false positive.
from modsecurity.
I'm adding new variables MULTIPART_FILENAME and MULTIPART_NAME. I think we can update the CRS to use those variables and remove this check in the future.
Done. However, before removing this check we must update the CRS and see if the rules will do the job. I will check with Ryan (CRS lead) whether he can update it for 2.7.3 or not.
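As an added illustration of the approach discussed in the thread (this is example configuration written here, not code from the ModSecurity project or the OWASP CRS), the following rule pair inspects the new MULTIPART_FILENAME and MULTIPART_NAME variables with an ordinary SecRule and then grants a per-path exception of the kind suggested above. The rule ids, the regex, the /upload/legacy-export path and the 403 status are all assumptions chosen for the example.

```apache
# Added example, not from the ModSecurity project or the OWASP CRS.
# Inspect the filename= and name= values of multipart/form-data parts
# with a regular rule, so that false positives can be handled with
# ordinary rule exceptions instead of inside the multipart parser.
# Rule ids 1000001/1000002 are placeholders; the pattern is a
# deliberately simplified illustration, not a complete SQLi detector.
SecRule MULTIPART_FILENAME|MULTIPART_NAME \
    "@rx (?i:(?:'|\")\s*(?:or|and|union)\b|--\s|/\*|;\s*(?:drop|select)\b)" \
    "id:1000001,phase:2,deny,status:403,log,\
    t:none,t:urlDecodeUni,t:lowercase,\
    msg:'SQL injection pattern in multipart filename or field name',\
    logdata:'%{MATCHED_VAR_NAME}=%{MATCHED_VAR}',\
    severity:CRITICAL"

# Exception for an assumed upload endpoint whose client legitimately
# sends filenames containing quotes or comment-like sequences.
# ctl:ruleRemoveTargetById removes only MULTIPART_FILENAME from rule
# 1000001 for this request; MULTIPART_NAME is still inspected.
SecRule REQUEST_URI "@beginsWith /upload/legacy-export" \
    "id:1000002,phase:1,pass,nolog,\
    ctl:ruleRemoveTargetById=1000001;MULTIPART_FILENAME"
```

The exception is scoped to one variable of one rule on one path, which keeps the detection active everywhere else; widening it to `SecRuleRemoveById` would switch the check off for the whole context. Keep the logdata in the audit log so that any hit on the narrowed rule can still be reviewed.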