modsecurity

HI, I have updated my owasp core rule set to 3.3.4 but it is not working when I hit domain.com?<script>alert()</script> it not showing me 403 error msg. here is my audit_log please check and let me know what wrong [21/Mar/2023:15:49:03 +0530] 167934365.747496 110.26.177.65 271 domain.com 80...

I want to set SecRule on /webmail I am using the below SecRule this is added in the server conf modsecurity on modsecurity_rules ` SecDebugLogLevel 0 SecAuditEngine on SecRuleEngine On SecRule REQUEST_URI "^/webmail" "id:99999,phase:1,deny,status:403" ` modsecurity_rules_file /conf/path but...

I have installed both owasp and comodo rules do both work simultaneously?

I followed this tutorial: Installing and Configuring the OpenLiteSpeed ModSecurity Module • OpenLiteSpeed to install OWASP CRS. Tested with malicious URL like: - http://localhost:8003/attack.php?q=<script>alert(document.cookie)</script> - http://localhost:8003/attack.php?q=/bin/bash all works...

Hello , I using docker container , i read ols modsecurity module and i set my server configiration but Module Parameters added on article code listener and virtual host crashed and not working. when Module Parameters empty not crash virtiualhost and listener i wrote this code module...

Hello, SecRule FILES_TMPNAMES "@inspectFile /usr/local/lsws/cxscgi.sh" "id:351000,rev:1,severity:2,msg:'Upload Malware Scanner:Malicious File upload attempt detected and blocked',log,deny,auditlog,status:403,t:none" this rule is not working properly. modsecurity on modsecurity_rules `...

Hello everyone, I need advice about OpenLiteSpeed WordPress on GCP f1-micro instance. 1) Enabling ModSecurity will increase server security or not? 2) If it will increase security, is it worth to install vs resources limitations (f1-micro instance)?