Skip to content

Rule 920440 from OWASP CRS v3.0.0 does not block a request in libmodsecurity #1272

New issue
New issue
Closed
Closed
Rule 920440 from OWASP CRS v3.0.0 does not block a request in libmodsecurity#1272
Assignees
zimmerle
Labels
RIP - libmodsecurity
@defanator

Description

@defanator
defanator
opened on Nov 24, 2016

Configuration 1: nginx/1.11.5, libmodsecurity: head of v3/master, modsecurity-nginx: head of master
Configuration 2: apache/2.4.18, ModSecurity 2.9.0

Both configurations have been set up to proxy all requests to the http://nginx.org site, with modsecurity turned on with default configuration, and OWASP CRS v3.0.0 configured in the default "anomaly scoring" mode.

For the same request,

 curl -i http://localhost//keys/nginx_signing.key

ModSecurity 2.9 blocks the request, libmodsecurity does not block.

Debug log excerpts are here:
https://gist.github.com/defanator/cdec2cbe3a7eaf5952246700b96e8c9a

Metadata

Metadata

Assignees

Labels

RIP - libmodsecurity

Type

No type

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions