Ecosyste.ms: Issues

An open API service for providing issue and pull request metadata for open source projects.

GitHub / SpiderLabs/ModSecurity issues and pull requests

#3035 - lua m.log(2, "4444") where is the log message?

Issue - State: open - Opened by leveryd about 1 year ago

#3034 - Is the v3 version compatible with the owasp rules of the v2 version

Issue - State: closed - Opened by tiankanghello about 1 year ago - 1 comment

#3033 - modsecurity.org is not available: 502 Proxy Error

Issue - State: closed - Opened by Daijobou about 1 year ago - 1 comment

#3032 - Detailed error message when writing collections

Pull Request - State: open - Opened by marcstern about 1 year ago

#3030 - Body response is not logged for some requests

Issue - State: closed - Opened by tigrouind about 1 year ago - 2 comments

#3029 - After using WAF forwarding, the custom header "authorization_bar" is missing

Issue - State: closed - Opened by net-lin-dev about 1 year ago - 2 comments

#3027 - Fix a small comment spell

Pull Request - State: open - Opened by StarryVae about 1 year ago

#3026 - Modsecurity audit log (JSON) - messages field structure

Issue - State: closed - Opened by donatasiv about 1 year ago - 1 comment
Labels: 2.x

#3025 - fix missing libxml2 headers

Pull Request - State: closed - Opened by pgnd about 1 year ago - 2 comments

#3024 - Add WRDE_NOCMD to wordexp call

Pull Request - State: closed - Opened by martinhsv about 1 year ago

#3023 - Compilation failing with libxml-related errors (with libxml 2.12.0 - 2.12.2)

Issue - State: closed - Opened by Marcool04 about 1 year ago - 7 comments

#3022 - SecRequestBodyAccess Off is still loading request body in memory

Issue - State: open - Opened by cerebox about 1 year ago - 3 comments

#3021 - Filter User Agent by the word 'bot' and whitelist

Issue - State: closed - Opened by AngelSamuel about 1 year ago - 2 comments

#3020 - V2/mst/log coll key2

Pull Request - State: closed - Opened by marcstern about 1 year ago - 1 comment

#3019 - Log involved collection key in case of DBM write error

Pull Request - State: closed - Opened by marcstern about 1 year ago - 1 comment

#3018 - Skip XML element from mod sec rule scanning from xml payload

Issue - State: closed - Opened by vsharm22 about 1 year ago - 2 comments

#3016 - fix: makes uri decode platform independent

Pull Request - State: open - Opened by M4tteoP about 1 year ago

#3015 - [Question] Modsecurity metrics

Issue - State: closed - Opened by Norsu296 about 1 year ago - 3 comments

#3014 - Fix: validateDTD compile fails if when libxml2 not installed

Pull Request - State: closed - Opened by martinhsv about 1 year ago

#3013 - Cannot compile latest 3.0.10 on macOS Sonoma (M1)

Issue - State: closed - Opened by zangobot about 1 year ago - 6 comments

#3012 - ctl:ruleRemoveByTag isn't executed if no rule id is present in the rule

Pull Request - State: open - Opened by marcstern about 1 year ago - 4 comments
Labels: 2.x

#3011 - removeByTag isn't executed if no rule id is present in the rule

Pull Request - State: closed - Opened by marcstern about 1 year ago - 1 comment

#3010 - Performance enhancement calling expand_macros()

Issue - State: open - Opened by marcstern about 1 year ago - 1 comment

#3009 - Suppress useless loop on tag matching

Pull Request - State: open - Opened by marcstern about 1 year ago

#3008 - Fix memory leak of validateDTD's dtd object

Pull Request - State: closed - Opened by martinhsv over 1 year ago

#3007 - 408 http code generated by mod_reqtimeout is not detected

Issue - State: open - Opened by ShaiMagal over 1 year ago - 11 comments
Labels: 2.x

#3006 - Mask the PII in response

Issue - State: closed - Opened by shubhagarwal14 over 1 year ago - 1 comment

#3005 - Fix memory leaks in ValidateSchema

Pull Request - State: closed - Opened by martinhsv over 1 year ago

#3003 - Ignore (consistently) empty actions

Pull Request - State: open - Opened by marcstern over 1 year ago

#3002 - New Feature: Length of different parameters of the request

Issue - State: closed - Opened by shubhagarwal14 over 1 year ago - 4 comments

#3001 - V3/dev/action expirevar

Pull Request - State: closed - Opened by martinhsv over 1 year ago

#3000 - ModSecurity always log our "400" request ?

Issue - State: closed - Opened by guldil over 1 year ago - 10 comments

#2999 - Allow to store only the length of ARGS values in ARGS_COMBINED_SIZE

Pull Request - State: closed - Opened by marcstern over 1 year ago - 6 comments

#2998 - Question about rule syntax

Issue - State: closed - Opened by marcogiorgio over 1 year ago - 4 comments

#2997 - Add context info to error message

Pull Request - State: open - Opened by marcstern over 1 year ago

#2996 - Allow lua version 5.4

Pull Request - State: closed - Opened by martinhsv over 1 year ago - 1 comment
Labels: 2.x

#2995 - [Help] `SecAuditLogType HTTPS` is only suport with `SecAuditLogFormat JSON`?

Issue - State: closed - Opened by actanble over 1 year ago - 2 comments

#2994 - Implement msre_action_phase_validate()

Pull Request - State: open - Opened by marcstern over 1 year ago

#2993 - Removed redundant processing for "sanitizeXXX" actions

Pull Request - State: open - Opened by marcstern over 1 year ago

#2991 - IIS multiple response headers with the same name

Issue - State: open - Opened by Rtw915 over 1 year ago - 7 comments

#2990 - IIS ARR RESPONSE_HEADERS:Set-Cookie missing

Issue - State: closed - Opened by Rtw915 over 1 year ago - 1 comment

#2989 - Add support for lua 5.4; remove curl deprecation

Issue - State: closed - Opened by 3eka over 1 year ago - 4 comments
Labels: 2.x, 2.x - mlogc

#2988 - cannot upload files such as .jpg, .jpeg, .png, .pdf, .doc

Issue - State: closed - Opened by nuroji over 1 year ago - 9 comments

#2987 - 'jit' variable not initialized when WITH_PCRE2 is defined

Pull Request - State: open - Opened by marcstern over 1 year ago - 2 comments

#2986 - SecRuleRemoveById inside Apache virtual host

Issue - State: closed - Opened by mirawara over 1 year ago - 3 comments

#2985 - Fix: lmdb regex match on non-null-terminated string

Pull Request - State: closed - Opened by martinhsv over 1 year ago

#2983 - Fix memory leaks in lmdb code (new'd strings)

Pull Request - State: closed - Opened by martinhsv over 1 year ago - 1 comment

#2982 - Is nginx 1.24 incompatible with 3.0.10?

Issue - State: closed - Opened by xujili8691 over 1 year ago - 2 comments

#2981 - update the wiki page for SecRuleRemoveByID

Issue - State: closed - Opened by Guiteguit over 1 year ago - 4 comments

#2980 - build: don't directly use the .libs directory

Pull Request - State: open - Opened by orbea over 1 year ago - 1 comment

#2979 - rsub Not supported in v3.x?

Issue - State: closed - Opened by swzaaaaaaa over 1 year ago - 2 comments

#2978 - nginx centos 7

Issue - State: closed - Opened by koteshr-tml over 1 year ago - 1 comment

#2977 - Fix infinite loop bug from static analysis.

Pull Request - State: closed - Opened by bhawikagupta over 1 year ago - 2 comments

#2976 - multiple reload of page cause intervention to be disruptive on favicon.ico

Issue - State: closed - Opened by ampminfo over 1 year ago - 3 comments

#2975 - Configure: do not check for pcre1 if pcre2 requested

Pull Request - State: closed - Opened by martinhsv over 1 year ago - 8 comments
Labels: 2.x

#2974 - Modsecurity v3 lua script

Issue - State: closed - Opened by Grayl1 over 1 year ago - 1 comment

#2973 - Invalid PCRE2 JiT check

Issue - State: open - Opened by marcstern over 1 year ago - 4 comments
Labels: 2.x

#2972 - PCRE2 performance

Issue - State: open - Opened by marcstern over 1 year ago

#2971 - Update verify_ssn.cc to fix new format

Pull Request - State: open - Opened by jakubsuchy over 1 year ago

#2970 - verifySSN: Area code can be larger than 740

Issue - State: open - Opened by jakubsuchy over 1 year ago - 1 comment

#2969 - Double memory allocation

Pull Request - State: open - Opened by marcstern over 1 year ago
Labels: 2.x

#2968 - ; incorrectly replaced by space in cmdline

Pull Request - State: open - Opened by marcstern over 1 year ago

#2967 - V2/mst/log noid

Pull Request - State: closed - Opened by marcstern over 1 year ago - 2 comments

#2966 - PCRE2 support still requires PCRE1

Issue - State: closed - Opened by zhaoshikui over 1 year ago - 7 comments
Labels: 2.x

#2965 - Fix for issue 2849

Pull Request - State: closed - Opened by marcstern over 1 year ago - 1 comment

#2964 - Macro expansion for ruleRemoveTargetByTag & ruleRemoveTargetByMsg

Pull Request - State: open - Opened by marcstern over 1 year ago

#2963 - Fix for DEBUG_CONF compile flag

Pull Request - State: open - Opened by marcstern over 1 year ago

#2962 - Macro expansion for ruleRemoveTargetByTag & ruleRemoveTargetByMsg

Pull Request - State: closed - Opened by marcstern over 1 year ago

#2961 - Fix for DEBUG_CONF flag

Pull Request - State: closed - Opened by marcstern over 1 year ago

#2960 - Fixed 2 memory leaks

Pull Request - State: open - Opened by marcstern over 1 year ago

#2959 - Fix for remaining of PR2263

Pull Request - State: closed - Opened by marcstern over 1 year ago

#2958 - Check return code of apr_procattr_io_set()

Pull Request - State: closed - Opened by marcstern over 1 year ago - 1 comment
Labels: 2.x

#2957 - Compatibility with libyajl decoding the buffer inline

Pull Request - State: open - Opened by marcstern over 1 year ago

#2956 - Centralized function to get user name

Pull Request - State: open - Opened by marcstern over 1 year ago

#2955 - Handle capture as tx.1=char in validateByteRange

Pull Request - State: open - Opened by marcstern over 1 year ago - 5 comments
Labels: 2.x

#2954 - remove useless memset

Pull Request - State: open - Opened by marcstern over 1 year ago

#2953 - remove useless apr_pstrdup()

Pull Request - State: open - Opened by marcstern over 1 year ago

#2952 - Expand macros in ruleRemoveTargetByMsg & ruleRemoveTargetByTag

Pull Request - State: closed - Opened by marcstern over 1 year ago - 1 comment

#2951 - Allow multiple digits in sanitizeMatchedBytes

Pull Request - State: open - Opened by marcstern over 1 year ago - 2 comments
Labels: 2.x

#2950 - Logging enhancement: in case of no id, show file info

Pull Request - State: open - Opened by marcstern over 1 year ago

#2949 - Regex in setvar variables (issues 2927)

Pull Request - State: open - Opened by marcstern over 1 year ago

#2948 - Remove redundant tags (and actions)

Pull Request - State: closed - Opened by marcstern over 1 year ago - 3 comments

#2947 - status 400 instead of 500 on XML/JSON parsing error

Pull Request - State: open - Opened by marcstern over 1 year ago

#2946 - Fix for https://github.com/SpiderLabs/ModSecurity/issues/610

Pull Request - State: open - Opened by marcstern over 1 year ago

#2945 - Support for "filename*" in multipart (precedence over "filename")

Pull Request - State: closed - Opened by marcstern over 1 year ago - 6 comments
Labels: 2.x

#2944 - Support for "filename*" in multipart (precedence over "filename")

Pull Request - State: closed - Opened by marcstern over 1 year ago - 1 comment

#2943 - IIS modsecurity lets encrypt extensionless verification

Issue - State: closed - Opened by zvekan over 1 year ago - 2 comments

#2941 - https://github.com/SpiderLabs/ModSecurity/issues/533

Pull Request - State: open - Opened by marcstern over 1 year ago

#2940 - V2/mst/nullcheck

Pull Request - State: open - Opened by marcstern over 1 year ago

#2939 - Configure: add additional name to pcre2 pkg-config list

Pull Request - State: closed - Opened by martinhsv over 1 year ago - 1 comment

#2938 - how correspondence between modsecurity phase(1--5) and nginx phase(1--11)?

Issue - State: closed - Opened by successjian over 1 year ago - 2 comments

#2937 - connection between modsecurity and core rule set

Issue - State: closed - Opened by sushmakummari over 1 year ago - 1 comment