Skip to content

Issues: owasp-modsecurity/ModSecurity

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Clear current search query, filters, and sorts
50 Open 140 Closed
50 Open 140 Closed
Author
Filter by author
Loading
Label
Filter by label
Loading
Use alt + click/return to exclude labels
or + click/return for logical OR
Projects
Filter by project
Loading
Milestones
Filter by milestone
Loading
Assignee
Filter by who’s assigned
Assigned to nobody Loading
Sort
Sort by
Newest Oldest Most commented Least commented Recently updated Least recently updated Best match
Most reactions
👍 👎 😄 🎉 😕 ❤️ 🚀 👀

Issues list

Performance enhancement calling expand_macros() 2.x Related to ModSecurity version 2.x enhancement
#3010 opened Oct 31, 2023 by marcstern
1
Regex in setvar variables 2.x Related to ModSecurity version 2.x enhancement
#2927 opened Jul 12, 2023 by marcstern
4
XML: there is no way to obtain actual error message from libxml2 on parsing failures 3.x Related to ModSecurity version 3.x enhancement
#2565 opened May 5, 2021 by defanator
[Feature request] Offset support for SecRuleUpdateTargetById 3.x Related to ModSecurity version 3.x enhancement
#2508 opened Jan 27, 2021 by azurit
@zimmerle
1
allow logging to systemd journal 3.x Related to ModSecurity version 3.x enhancement
#2506 opened Jan 24, 2021 by adrelanos
@zimmerle
6
Change SecRuleRemoveByMsg behaviour to looking of substring 3.x Related to ModSecurity version 3.x enhancement
#2476 opened Dec 15, 2020 by SandakovMM
@zimmerle @martinhsv
sanitiseMatchedBytes only works with 1 digit parameters 2.x Related to ModSecurity version 2.x enhancement
#2472 opened Dec 8, 2020 by marcstern
@zimmerle
5
ctl:ruleRemoveTargetByTag does not support regex in ModSecurity v3.x 3.x Related to ModSecurity version 3.x enhancement
#2432 opened Oct 22, 2020 by martinhsv v3.1.0
@martinhsv
2
Timezone is not included in the time_stamp field of audit log in JSON format 3.x Related to ModSecurity version 3.x enhancement workaround available The issue has either a temporary or permanent workaround available
#2340 opened Jun 16, 2020 by jatgh
@martinhsv
12
@eq operator should produce a warning if used with non-numeric value 3.x Related to ModSecurity version 3.x enhancement
#2281 opened Mar 11, 2020 by martinhsv
@martinhsv
@RBL with IPV6 support ? 3.x Related to ModSecurity version 3.x enhancement
#2210 opened Dec 3, 2019 by jwillberg
Having exec working with scripts other than lua 3.x Related to ModSecurity version 3.x enhancement
#2167 opened Sep 18, 2019 by zimmerle
@martinhsv
6
Error parsing % 3.x Related to ModSecurity version 3.x enhancement
#2145 opened Aug 7, 2019 by fgsch v3.1.0
@zimmerle @victorhora @afoxdavidi
3
Use long long instead of int for comparison, increment, decrement operations and persistent collections 2.x Related to ModSecurity version 2.x enhancement pr available
#2134 opened Jul 17, 2019 by Nakaner Loading…
@zimmerle @victorhora
1
Don't run request body completion checks when ProcessPartial and the input filter has't seen all of the body 2.x Related to ModSecurity version 2.x enhancement pr available
#2093 opened May 14, 2019 by rainerjung v2.9.4
@zimmerle @victorhora
18
Incomplete type declaration for KeyExclusions [pymodsecurity] 3.x Related to ModSecurity version 3.x enhancement
#2078 opened Apr 25, 2019 by GustavoKatel v3.1.0
@victorhora
1
Nginx libmodsecurity v3.0 JSON Log format don't show alert action description 3.x Related to ModSecurity version 3.x enhancement
#2054 opened Mar 26, 2019 by jimant
@victorhora
1
V3/reqbodyproc 3.x Related to ModSecurity version 3.x enhancement pr available workaround available The issue has either a temporary or permanent workaround available
#2045 opened Mar 11, 2019 by airween Loading…
"Database is not open. Use: SecGeoLookupDb directive." after reload 3.x Related to ModSecurity version 3.x enhancement workaround available The issue has either a temporary or permanent workaround available
#2041 opened Mar 7, 2019 by jptosso v3.1.0
@victorhora
14
WIP: Add RE2 regexp engine support 3.x Related to ModSecurity version 3.x enhancement new feature This is a new feature
#2012 opened Jan 30, 2019 by WGH- Loading…
1 of 7 tasks
@zimmerle
14
IIS MSI installers not following MS standard for digital signature 2.x Related to ModSecurity version 2.x enhancement Platform - IIS workaround available The issue has either a temporary or permanent workaround available
#1999 opened Jan 11, 2019 by victorhora v2.9.4
@victorhora
4
Rule set to block requests to overloaded proxied hosts enhancement
#1987 opened Dec 19, 2018 by theseion
@victorhora
1
META-ISSUE: Performance task force 3.x Related to ModSecurity version 3.x enhancement RIP - libmodsecurity
#1734 opened Apr 6, 2018 by zimmerle
@zimmerle
6
ModSecurity IIS module add content-length when chunked transfer encoding is enabled 2.x Related to ModSecurity version 2.x enhancement Platform - IIS pr available
#1364 opened Mar 24, 2017 by maverick64 v2.9.4
@victorhora
2
New operator: Check if transformation changed input enhancement RIP - Type - Feature TBF by libmodsec
#1293 opened Dec 28, 2016 by dune73 v3.1.0
2
ProTip! Exclude everything labeled bug with -label:bug.