owasp

  1. S

    owasp crs 3.3.4 is not wokring in openlitespeed

    HI, I have updated my owasp core rule set to 3.3.4 but it is not working when I hit domain.com?<script>alert()</script> it not showing me 403 error msg. here is my audit_log please check and let me know what wrong [21/Mar/2023:15:49:03 +0530] 167934365.747496 110.26.177.65 271 domain.com 80...
  2. B

    OWASP CRS ModSecurity rules not blocking malicious request body in OpenLiteSpeed

    I followed this tutorial: Installing and Configuring the OpenLiteSpeed ModSecurity Module • OpenLiteSpeed to install OWASP CRS. Tested with malicious URL like: - http://localhost:8003/attack.php?q=<script>alert(document.cookie)</script> - http://localhost:8003/attack.php?q=/bin/bash all works...
Top