Feature: WAF using ModSecurity CRS 3 and concern with WAF rules #325
Labels
enhancement
New feature or request
Comments
|
Hi, About Modsec v3, one day it will happen. Not all rules work by default, Roxy-WI includes only rules which work with ModSec v2 by default. By default Modsec writes log into /var/www/waf.log, if it has been installed via Roxy-WI. I guess something could be there, I didn't dive deep |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Hi, is there a plan to explore the use of Modsecurity OWASP CRS v3 for the Roxy-Wi?
Also, I've been testing the Roxy-Wi for quite sometime and it works, but previously I've been testing the WAF and it seems the CSRF rules are not working by default(even though the rules is included in the waf/rules directory, I've looked through some documentations and modified modsecurity.conf to link the csrf and other relevant rules to it but when I tried to, the WAF is unable to start, and cannot find any detailed logs but assuming it is related to the rules I've enabled, namely csrf and hijacking_session.
would you be able to give me an advise. realyl appreciate it. Thanks
The text was updated successfully, but these errors were encountered: