ModSecurity

"How big is too big" - a new blog post has been published on modsecurity.org - enjoy reading! modsecurity.org/20260222/how-b…

@HackerVault Probably there is a typo here (see the image): there is no such operator ">=". Perhaps you though "@gt".

3 Powerful Seclang Rules You Must Know! 🔥 Build WAF rules for ModSecurity + Coraza that catch SQLi, XSS, and API abuse. Full guide with syntax, anomaly scoring, and chaining examples. hackervault.tech/seclang-powerf… #Seclang #WAF #Coraza #ModSecurity #Cybersecurity #WebSecurity

CRS will have its second community call on September 22, from 20:30 to 21:30 CEST (18:30 UTC / 2:30 p.m. ET) and will be moderated by former CRS co-leader Christian Folini. Check more details and register here: luma.com/8yc1p543

@rad_tech_mx Yes 🙂

¿Habían escuchado de los #WAF (Web application firewall)? reintech.io/blog/configuri…

A new version of mod_security2 has been released, please check the blog post: modsecurity.org/20250805/impro…

A new version of mod_security2 has been released, please check the blog post: modsecurity.org/20250701/dos-v…

@idr00t We don't know how old is this article, but please update it. There is a much newer version than 2.9.7 (2.9.10 is the last release).

How To Install ModSecurity with Apache on Fedora 42 idroot.us/install-modsec… #linux #unix #sysadmin #howto #devops #opensource #foss #server #web #security #ModSecurity #Apache #fedora #fedora42 #idroot #linuxtips #guides

@_0b1d1 With CRS, ModSecurity catches this attack on PL1. $ curl -X POST -d 'q=<a href="jav%0Dascript&colon;alert(1)">' -H "x-format-output: txt-matched-rules" sandbox.coreruleset.org Output: 941390 PL1 Javascript method detected 949110 PL1 Inbound Anomaly ... 980170 PL1 Anomaly Sco...

🛡️ ModSecurity 🧨 <a href="jav%0Dascript&colon;alert(1)">

🔥 XSS WAF Bypass – Elevate Your Exploitation Toolkit 🔥 Unlock hidden paths master the art of bypassing web firewall filters and elevate your web security skills ⤵️Learn More…⤵️

@iototsecnews "No Patch" - you misinform your users. The patch was applied earlier than the advisory was published. Please take a look at our GH page.

ModSecurity の DoS 脆弱性 CVE-2025-47947：No Patch／Yes PoC iototsecnews.jp/2025/05/23/mod… ModSecurity に DoS 脆弱性が発生しましたが、パッチが未適用で PoC が公開という、厳しい状況です。修正版が近日中にリリースされる予定とのことですが、ご利用のチームは、十分にご注意ください。よろしければ、ModSecurity で検索も、ご参照ください。 #CVE202547947 #ModSecurity #Nopatchprovided #OpenSource #PoC #ProofofConcept #Vulnerability

New version of mod_security2 have been released:  github.com/owasp-modsecur… This versions includes a fix against a recently discovered (another) DoS vulnerability: modsecurity.org/20250602/dos-v… Please upgrade your module!

@cayahuanca_ Why is difficult? Feel free to ask on Github or on Slack: owasp.org/slack/invite, channel "project-modsecurity"

Nginx の Docker に、いろんなモジュール入れてるけど、ModSecurity が意外と難しい……

New version has been released: Nginx connector: github.com/owasp-modsecur… blog post: modsecurity.org/20250521/modse… Please note that the log format has been changed!

New version have been released: mod_security2:  github.com/owasp-modsecur… This versions includes a fix against a recently discovered DoS vulnerability: modsecurity.org/20250521/possi… Please upgrade your module!

Happy to announce OWASP Open WAF Day: owasp2025globalappseceu.sched.com/event/1zCJN/op… Feel free to register yourself! #modsecurity #coreruleset #crs #coraza #waf

Please take a look at this issue and share your opinions (on GH): github.com/owasp-modsecur…

@cjihrig There are several ways. - join to our Slack community: owasp.org/slack/invite, check "# project-modsecurity" channel - send any pull request on GH - you can reach us in e-mail: modsecurity at owasp dot org

@ModSecurity that sounds great. how do i join?

@cjihrig @attilah No, it's not "ported". Probably you meant Coraza, but that was written completely from scratch.

@attilah it's already ported to golang!

Running smooth is great, but running secure is essential. #EasyDCIM v1.15.0 now supports #ModSecurity on #Debian-based systems, giving you a critical edge against evolving cybersecurity risks. See how else our platform helps you outpace threats: easydcim.com/blog/easydcim-… #Firewall

Please update your libmodsecurity3 instances as soon as possible: modsecurity.org/20250225/html-…