Skip to content

Issues: owasp-modsecurity/ModSecurity

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Clear current search query, filters, and sorts
21 Open 85 Closed
21 Open 85 Closed
Author
Filter by author
Loading
Label
Filter by label
Loading
Use alt + click/return to exclude labels
or + click/return for logical OR
Projects
Filter by project
Loading
Milestones
Filter by milestone
Loading
Assignee
Filter by who’s assigned
Assigned to nobody Loading
Sort
Sort by
Newest Oldest Most commented Least commented Recently updated Least recently updated Best match
Most reactions
👍 👎 😄 🎉 😕 ❤️ 🚀 👀

Issues list

Escape double quotation mark character in non-regex operator 3.x Related to ModSecurity version 3.x bug It is a confirmed bug
#3252 opened Sep 10, 2024 by capy3ra
5
libModSecurity3: all triggered rule IDs sometimes won't be logged with anomaly scoring 3.x Related to ModSecurity version 3.x bug It is a confirmed bug
#3204 opened Aug 2, 2024 by EsadCetiner
@airween
3
[BUG] multiMatch lead to unexpected match 3.x Related to ModSecurity version 3.x bug It is a confirmed bug
#3183 opened Jul 15, 2024 by leveryd
1
No error log if noauditlog is set 3.x Related to ModSecurity version 3.x bug It is a confirmed bug
#3180 opened Jul 8, 2024 by Rapsody09
5
@rbl operator does not support IPv6 2.x Related to ModSecurity version 2.x 3.x Related to ModSecurity version 3.x bug It is a confirmed bug duplicate Ops. Somebody else already hit that bump 🥇 good first issue
#3131 opened Apr 24, 2024 by airween
@airween
Regular Expression Failure Triggers !@rx 3.x Related to ModSecurity version 3.x bug It is a confirmed bug
#3123 opened Apr 19, 2024 by ssigwart
@airween
6
libmodsecurity3: Request body is not logged 3.x Related to ModSecurity version 3.x bug It is a confirmed bug
#3109 opened Mar 19, 2024 by EsadCetiner
@airween
10
SecRuleScript actions always considered disruptive 3.x Related to ModSecurity version 3.x bug It is a confirmed bug
#3108 opened Mar 16, 2024 by theseion
@airween
1
libmodsecurity3: SecAction can't be disabled via ctl action 3.x Related to ModSecurity version 3.x bug It is a confirmed bug
#3053 opened Feb 6, 2024 by EsadCetiner
3
Regex key non-matches with libModSecurity persistent storage 3.x Related to ModSecurity version 3.x bug It is a confirmed bug
#3039 opened Jan 26, 2024 by martinhsv
1
Target transformed even when ignored via ctl: action 2.x Related to ModSecurity version 2.x bug It is a confirmed bug
#2932 opened Jul 20, 2023 by marcstern
2
@ipMatch misses IP with multiple values 2.x Related to ModSecurity version 2.x bug It is a confirmed bug Platform - Apache
#2893 opened Apr 20, 2023 by marcstern
1
ModSecurity not finding SecMarker in phase 2 2.x Related to ModSecurity version 2.x bug It is a confirmed bug Platform - Apache
#2865 opened Jan 20, 2023 by TomCan
12
Apache httpd does not execute ErrorDocument directive if response code is changed during phase 4 2.x Related to ModSecurity version 2.x bug It is a confirmed bug Platform - Apache
#2849 opened Dec 22, 2022 by TomasKorbar
bad request leads to two responses 2.x Related to ModSecurity version 2.x bug It is a confirmed bug Platform - Apache
#2514 opened Feb 16, 2021 by pgajdos
9
Memory pointer error in JSON sanitization 2.x Related to ModSecurity version 2.x bug It is a confirmed bug
#2344 opened Jun 19, 2020 by marcstern
@martinhsv
6
Logging to NGINX error_log but not audit 3.x Related to ModSecurity version 3.x bug It is a confirmed bug Platform - Nginx pr available
#2237 opened Jan 13, 2020 by dto20
@victorhora
10
Issue with @inspectFile CGI environment variable PATH_TRANSLATED bug It is a confirmed bug Platform - Apache RIP - Type - Feature
#868 opened Apr 16, 2015 by TobiasGrave v2.9.4
@victorhora
5
IIS8.5 - ModSecurity 2.8 - Access denied folder loop handling prevents proper config loading 2.x Related to ModSecurity version 2.x bug It is a confirmed bug Platform - IIS
#812 opened Dec 9, 2014 by sAnexeh v2.9.4
@victorhora
sanitiseMatchedBytes only sanitizes the first match bug It is a confirmed bug enhancement Platform - Apache Platform - IIS Platform - Java Platform - Nginx Platform - Standalone TBF by libmodsec
#673 opened Mar 7, 2014 by spectrumjade v3.1.0
@victorhora
Basic streaming detection on raw request/response 2.x Related to ModSecurity version 2.x 3.x Related to ModSecurity version 3.x bug It is a confirmed bug enhancement
#304 opened Oct 17, 2013 by rcbarnett-zz
@zimmerle
4
ProTip! Find all open issues with in progress development work with linked:pr.