Skip to content

Issues: owasp-modsecurity/ModSecurity

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Clear current search query, filters, and sorts
80 Open 343 Closed
80 Open 343 Closed
Author
Filter by author
Loading
Label
Filter by label
Loading
Use alt + click/return to exclude labels
or + click/return for logical OR
Projects
Filter by project
Loading
Milestones
Filter by milestone
Loading
Assignee
Filter by who’s assigned
Assigned to nobody Loading
Sort
Sort by
Newest Oldest Most commented Least commented Recently updated Least recently updated Best match
Most reactions
👍 👎 😄 🎉 😕 ❤️ 🚀 👀

Issues list

Behavior change in regex macro expansion from 2.9.7 to 2.9.8 affecting CRS 3.2.x and 3.3.x 2.x Related to ModSecurity version 2.x
#3380 opened May 12, 2025 by dune73
8
modsecurity.conf last file 2.x Related to ModSecurity version 2.x
#3367 opened Apr 25, 2025 by Max131412
6
Remove possiblity to disable early-blocking processing 2.x Related to ModSecurity version 2.x
#3362 opened Apr 17, 2025 by arminabf
9
Feature Request (v2): Add support for macro expansion for ipMatch operator 2.x Related to ModSecurity version 2.x
#3332 opened Jan 21, 2025 by EsadCetiner
6
base64Decode behaviour against payload which contain + and / 2.x Related to ModSecurity version 2.x
#3327 opened Jan 10, 2025 by touchweb-vincent
13
Transformation hexDecode should not allow badly encoded inputs, or documentation should be updated 2.x Related to ModSecurity version 2.x 3.x Related to ModSecurity version 3.x
#3325 opened Jan 9, 2025 by fzipi
3
ModSecurity 2.9.7 install on Windows is blocking access to some local URL 2.x Related to ModSecurity version 2.x
#3323 opened Jan 8, 2025 by adrianglendinningGPI
7
Post-use evaluation feedback 2.x Related to ModSecurity version 2.x
#3320 opened Jan 6, 2025 by zhouhao425
2
I'm having trouble importing the modsecurity module into nginx. 2.x Related to ModSecurity version 2.x
#3317 opened Dec 23, 2024 by MuhammetAliKara
7
Drop YAJL dependency 2.x Related to ModSecurity version 2.x 3.x Related to ModSecurity version 3.x
#3308 opened Nov 26, 2024 by mikelolasagasti
21
Segmentation fault in ModSecurity 2.9 for Apache 2.x Related to ModSecurity version 2.x
#3300 opened Nov 13, 2024 by vizovitin
@marcstern
49
Operator @rx has different flags in two engines 2.x Related to ModSecurity version 2.x
#3295 opened Nov 7, 2024 by airween
@marcstern
2
Unicode encoding (table) problem on engine level leading to CRS false positives (U+062F and U+D8AF resolving to slash) 2.x Related to ModSecurity version 2.x 3.x Related to ModSecurity version 3.x
#3294 opened Nov 4, 2024 by dune73
7
using iptables marks or ipsets 2.x Related to ModSecurity version 2.x
#3289 opened Oct 29, 2024 by f1-outsourcing
1
Inconsistent use of SecArgumentsLimit in Recommended Rules 2.x Related to ModSecurity version 2.x config Related to default config
#3261 opened Sep 25, 2024 by studersi
11
fix: Handle "filename*" field in MP header 2.x Related to ModSecurity version 2.x
#3239 opened Aug 25, 2024 by airween Loading…
@airween
23
[modsecurity.conf-recommended] align processing on request & response for json 2.x Related to ModSecurity version 2.x config Related to default config
#3175 opened Jun 24, 2024 by fzipi
4
Problem about proxy action 2.x Related to ModSecurity version 2.x Platform - Apache
#3170 opened Jun 12, 2024 by prince-java
7
Apache: Short Lingering Close 2.x Related to ModSecurity version 2.x Platform - Apache
#3143 opened May 15, 2024 by studersi
@marcstern
5
@rbl operator does not support IPv6 2.x Related to ModSecurity version 2.x 3.x Related to ModSecurity version 3.x bug It is a confirmed bug duplicate Ops. Somebody else already hit that bump 🥇 good first issue
#3131 opened Apr 24, 2024 by airween
@airween
Incorrect utf8toUnicode transformation for 00xx 2.x Related to ModSecurity version 2.x
#3129 opened Apr 23, 2024 by marcstern
3
feat: Allow regular expressions in ctl:ruleRemoveTargetByX variable names II. 2.x Related to ModSecurity version 2.x do not merge
#3121 opened Apr 16, 2024 by airween Loading…
@airween
40
Feature request: Limit the number of rules processed per request 2.x Related to ModSecurity version 2.x
#3112 opened Mar 25, 2024 by no-sec-marko
3
SanitiseArg does not work in RequestBody 2.x Related to ModSecurity version 2.x
#3089 opened Feb 21, 2024 by Seppl2202
6
No CPE for 3.0.11 and 3.0.12 2.x Related to ModSecurity version 2.x 3.x Related to ModSecurity version 3.x
#3083 opened Feb 14, 2024 by frankvanbever
4
ProTip! no:milestone will show everything without a milestone.