You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Configuration 1: nginx/1.11.5, libmodsecurity: head of v3/master, modsecurity-nginx: head of master
Configuration 2: apache/2.4.18, ModSecurity 2.9.0
Both configurations have been set up to proxy all requests to the http://nginx.org site, with modsecurity turned on with default configuration, and OWASP CRS v3.0.0 configured in the default "anomaly scoring" mode.
For the same request,
curl -i http://localhost//keys/nginx_signing.key
ModSecurity 2.9 blocks the request, libmodsecurity does not block.
Configuration 1: nginx/1.11.5, libmodsecurity: head of v3/master, modsecurity-nginx: head of master
Configuration 2: apache/2.4.18, ModSecurity 2.9.0
Both configurations have been set up to proxy all requests to the http://nginx.org site, with modsecurity turned on with default configuration, and OWASP CRS v3.0.0 configured in the default "anomaly scoring" mode.
For the same request,
ModSecurity 2.9 blocks the request, libmodsecurity does not block.
Debug log excerpts are here:
https://gist.github.com/defanator/cdec2cbe3a7eaf5952246700b96e8c9a
The text was updated successfully, but these errors were encountered: