SpiderLabs/ModSecurity issues and pull requests

#2792 - fix no "echo -n" in macOS's sh

Pull Request - State: closed - Opened by liudongmiao over 2 years ago - 2 comments

#2786 - Feature: Pm custom separator

Pull Request - State: open - Opened by M4tteoP over 2 years ago - 6 comments

#2785 - Fix: MULTIPART_INVALID_PART connected to wrong internal variable

Pull Request - State: closed - Opened by martinhsv over 2 years ago - 3 comments

#2782 - NULL pointer

Issue - State: open - Opened by marcstern over 2 years ago - 1 comment
Labels: 2.x

#2780 - V2/rule remove target by tag/macro

Pull Request - State: closed - Opened by marcstern over 2 years ago - 3 comments
Labels: enhancement, 2.x

#2773 - configure with --with-lua= / parameter seems to be not used

Issue - State: open - Opened by amsnek over 2 years ago - 2 comments
Labels: 3.x

#2764 - WordPress post produces: "Updating failed. The response is not a valid JSON response." for one particular link within post

Issue - State: closed - Opened by matteoraggi over 2 years ago - 13 comments

#2754 - rules with multiMatch may omit 'tag' information in audit log output

Issue - State: closed - Opened by chenjinlei over 2 years ago - 2 comments

#2750 - PCRE2 support still requires PCRE1

Issue - State: closed - Opened by dvershinin over 2 years ago - 6 comments

#2748 - Feature request: adding severity in ModSecurityIntervention

Pull Request - State: open - Opened by FedericoHeichou over 2 years ago - 6 comments

#2738 - Add SecArgumentsLimit to modsecurity.conf-recommended

Pull Request - State: closed - Opened by martinhsv almost 3 years ago

#2736 - Add isolated PCRE match limits as a layer of ReDoS defense

Pull Request - State: closed - Opened by brandonpayton almost 3 years ago - 20 comments

#2721 - Scheme

Pull Request - State: open - Opened by 877509395 almost 3 years ago - 2 comments

#2719 - Support PCRE2

Pull Request - State: closed - Opened by martinhsv almost 3 years ago - 5 comments

#2718 - Fix build errors with multiple Lua libraries

Pull Request - State: open - Opened by stanhu almost 3 years ago - 5 comments

#2710 - memory leak in msc_rules_add_file / msc_rules_cleanup

Issue - State: closed - Opened by liudongmiao almost 3 years ago - 18 comments

#2708 - fix simple examle in README

Pull Request - State: open - Opened by liudongmiao almost 3 years ago

#2686 - Support SecRequestBodyNoFilesLimit

Pull Request - State: closed - Opened by martinhsv almost 3 years ago

#2685 - V2/redundancy

Pull Request - State: closed - Opened by marcstern almost 3 years ago - 7 comments

#2639 - `ValidateSchema::evaluate` is not thread safe

Issue - State: closed - Opened by saiskee about 3 years ago - 2 comments

#2620 - Transaction pull style API to retrieve variable value

Pull Request - State: open - Opened by pr4u4t over 3 years ago

#2603 - apache and modsecurity

Issue - State: closed - Opened by ghost over 3 years ago - 3 comments

#2578 - fix memory leak in the example

Pull Request - State: open - Opened by bsulmanas over 3 years ago
Labels: 3.x

#2556 - Use of temporary variables in v3

Issue - State: closed - Opened by willyamcts almost 4 years ago - 7 comments
Labels: 3.x

#2554 - ipMatchFromFile does not support comments in v3

Issue - State: closed - Opened by tomsommer almost 4 years ago - 11 comments
Labels: 3.x

#2551 - Adds hyperscan support to pm operator

Pull Request - State: open - Opened by xiangwang1 almost 4 years ago - 5 comments
Labels: 3.x

#2536 - Loading Rule is not thread safe

Issue - State: closed - Opened by iosetek almost 4 years ago - 7 comments
Labels: 3.x

#2528 - "Make error" on centos 6

Issue - State: closed - Opened by 065191 almost 4 years ago - 9 comments

#2527 - Can I use m.getvar("RULE.id") to get the current rule id in 3.x version?

Issue - State: open - Opened by hygeiavvv almost 4 years ago - 4 comments
Labels: 3.x, workaround available

#2520 - Fix memory leak in lmdb.cc + improve performance while reading collections in resolveMultiMatches

Pull Request - State: open - Opened by ziollek almost 4 years ago - 4 comments
Labels: 3.x

#2518 - fix for #2514, thanks to @ylavic

Pull Request - State: closed - Opened by pgajdos almost 4 years ago - 3 comments
Labels: 2.x

#2472 - sanitiseMatchedBytes only works with 1 digit parameters

Issue - State: open - Opened by marcstern about 4 years ago - 5 comments
Labels: 2.x, pending feedback

#2432 - ctl:ruleRemoveTargetByTag does not support regex in ModSecurity v3.x

Issue - State: open - Opened by martinhsv over 4 years ago - 1 comment
Labels: enhancement, 3.x

#2417 - fix MULTIPART_UNMATCHED_BOUNDARY

Pull Request - State: open - Opened by zehric over 4 years ago - 14 comments
Labels: 3.x

#2409 - modsecurity v3 ,Centos 7, the lua not work

Issue - State: closed - Opened by HL123 over 4 years ago - 2 comments

#2363 - V2/json empty

Pull Request - State: closed - Opened by marcstern over 4 years ago - 7 comments
Labels: 2.x

#2360 - nginx -t very slow with modsec enabled 15 sec !

Issue - State: closed - Opened by albgen over 4 years ago - 19 comments

#2357 - Incorrect escaping in @rx operator with macro expansion

Issue - State: closed - Opened by marcstern over 4 years ago - 18 comments
Labels: enhancement, 2.x

#2354 - Command nginx -t create file modsec-shared-collections in directory where it run

Issue - State: open - Opened by unix196 over 4 years ago - 2 comments
Labels: 3.x

#2353 - Add Cyrilyc charracters to unicode.mapping

Pull Request - State: open - Opened by zeridon over 4 years ago
Labels: 3.x

#2341 - PATCH method dies with mod security with nginx configured as proxy/ingress

Issue - State: open - Opened by PaulCharlton over 4 years ago - 22 comments
Labels: Platform - Nginx, 3.x, workaround available

#2340 - Timezone is not included in the time_stamp field of audit log in JSON format

Issue - State: open - Opened by yesjustyet over 4 years ago - 12 comments
Labels: enhancement, 3.x, workaround available

#2328 - Could not use equal sign in xpath expression

Issue - State: closed - Opened by dennus over 4 years ago - 5 comments
Labels: 3.x

#2304 - Support reopening audit logs

Pull Request - State: open - Opened by brandonpayton almost 5 years ago - 10 comments
Labels: 3.x

#2240 - LMDB installed perfectly but its not showing up in working

Issue - State: closed - Opened by nasirbas1 about 5 years ago - 39 comments
Labels: 3.x

#2219 - Accepts JSON without key [Issue #1576]

Pull Request - State: closed - Opened by marcstern about 5 years ago - 4 comments
Labels: 2.x

#2206 - Problem in retrieving collections from Persistant Storage

Issue - State: closed - Opened by marcstern about 5 years ago - 5 comments
Labels: 2.x

#2177 - Use local memory pool inside update_rule_target_ex() to reduce memory footprint

Pull Request - State: closed - Opened by argenet over 5 years ago
Labels: 2.x

#2119 - Adds neutralizeSafeEncoding and utf8toChar transformations to fix utf8/base64/hex32 false positives

Pull Request - State: closed - Opened by j0k2r over 5 years ago - 1 comment
Labels: 3.x, pr available, workaround available, new feature

#2072 - How can we avoid ReDoS without trust on PCRE limits

Issue - State: closed - Opened by zimmerle almost 6 years ago - 13 comments
Labels: 3.x

#2052 - JSON Parser error: parse error: premature EOF\x0a - POST request with valid JSON and libYAJL compiled on Centos7

Issue - State: closed - Opened by microphone-mathematics almost 6 years ago - 6 comments
Labels: 3.x, workaround available

#2045 - V3/reqbodyproc

Pull Request - State: open - Opened by airween almost 6 years ago
Labels: enhancement, 3.x, pr available, workaround available

#2041 - "Database is not open. Use: SecGeoLookupDb directive." after reload

Issue - State: closed - Opened by jptosso almost 6 years ago - 9 comments
Labels: enhancement, 3.x, workaround available

#2012 - WIP: Add RE2 regexp engine support

Pull Request - State: open - Opened by WGH- about 6 years ago - 11 comments
Labels: enhancement, 3.x, new feature

#1944 - modsecurity 3.0.x. What's the DeprecateVar alternative ?

Issue - State: open - Opened by mtricolici over 6 years ago - 7 comments
Labels: RIP - libmodsecurity, 3.x, RIP - Type - Usage

#1933 - Updating RequestBodyNoFilesLimit at runtime (feature request)

Issue - State: open - Opened by welljsjs over 6 years ago - 7 comments
Labels: 2.x, waiting for v3

#1927 - Nginx Worker Processes not reloading on nginx -s reload

Issue - State: closed - Opened by ledzepp4eva over 6 years ago - 2 comments
Labels: RIP - libmodsecurity, 3.x

#1914 - JSON support was not enabled (Make it required?)

Issue - State: closed - Opened by davewichers over 6 years ago - 6 comments
Labels: 2.x, RIP - Type - Usage

#1898 - Implement support to Sanitize on v3

Issue - State: open - Opened by zimmerle over 6 years ago - 9 comments
Labels: RIP - libmodsecurity, libmodsec - missing features, 3.x

#1840 - Modsecurity For iis return status code 500 always

Issue - State: closed - Opened by GwakMin over 6 years ago - 2 comments
Labels: Platform - IIS, 2.x, duplicate

#1803 - ModSecurity collection expirevar does not work

Issue - State: closed - Opened by sobigboy over 6 years ago - 17 comments
Labels: 3.x, workaround available

#1754 - How to use persistent collections in ModSecurty v3.0.x?

Issue - State: closed - Opened by LeeShan87 almost 7 years ago - 16 comments
Labels: bug, RIP - libmodsecurity, 3.x

#1510 - Fixed typos in conditional compile

Pull Request - State: closed - Opened by marcstern over 7 years ago - 1 comment

#1471 - Multipart: Final boundary missing.

Issue - State: open - Opened by tomsommer over 7 years ago - 23 comments
Labels: 2.x, workaround available

#1414 - Allow $1, $2 ... $9 in @rsub replacement string

Pull Request - State: closed - Opened by marcstern over 7 years ago - 1 comment

#1344 - Caddy web server support

Issue - State: closed - Opened by medfx almost 8 years ago - 7 comments

#1311 - ModSecurity module doesn't follow AddType when AddHandler is missing

Issue - State: closed - Opened by wanderer22 about 8 years ago - 1 comment
Labels: bug, 2.x

#1255 - Rules to prevent slowloris are not working

Issue - State: closed - Opened by fuckingbaidu about 8 years ago - 9 comments

#911 - ctl:removeTargetById doesn't know how to work with regex

Issue - State: open - Opened by odesk2dot2by over 9 years ago - 4 comments
Labels: RIP - Type - Feature, enhancement, RIP - libmodsecurity, TBF by libmodsec, 2.x, 3.x

#819 - SecAuditLogParts not working: mod_security keeps logging response body

Issue - State: closed - Opened by san7812 about 10 years ago - 9 comments

#601 - Audit log always contains HTTP/1.1 500 Internal Server Error

Issue - State: closed - Opened by sarvasana about 11 years ago - 8 comments
Labels: bug, Platform - IIS, Platform - Standalone

GitHub / SpiderLabs/ModSecurity issues and pull requests