Skip to content

Navigation Menu

Sign in
Appearance settings

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly
Sign up
Appearance settings

Scheme #2721

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
877509395 wants to merge 2 commits into owasp-modsecurity:v3/master
base: v3/master
Choose a base branch
Loading
from 877509395:scheme
Open

Scheme #2721

877509395 wants to merge 2 commits into owasp-modsecurity:v3/master from 877509395:scheme

Conversation

Copy link

@877509395 877509395 commented Apr 21, 2022
edited
Loading

just to show error, not PR.

Copy link
Contributor

Hi @877509395 ,

Thanks for highlighting that.

The logic is indeed not correct for what was intended, and should get fixed.

Note, however, that it doesn't look like there is any circumstance with the currently-supported v3 deployment (with nginx and the ModSecurity-nginx connector), that this code path will execute.

If you think I'm mistaken and the effect is relatively trivial, feel free to post here. If you think I'm mistaken and the effect is more consequential (possible rule bypass, etc.) please outline the use case to us at the address listed at https://github.com/SpiderLabs/ModSecurity#security-issue .

(Note: For future reference, items like this are better created as 'issues' rather than pull requests.)

Copy link
Author

877509395 commented Oct 11, 2022 via email

OK, will open issue later. Will double check the code later.
...
------------------ 原始邮件 ------------------ 发件人: "SpiderLabs/ModSecurity" ***@***.***>; 发送时间: 2022年4月22日(星期五) 晚上11:18 ***@***.***>; ***@***.******@***.***>; 主题: Re: [SpiderLabs/ModSecurity] Scheme (PR #2721) Hi @877509395 , Thanks for highlighting that. The logic is indeed not correct for what was intended, and should get fixed. Note, however, that it doesn't look like there is any circumstance with the currently-supported v3 deployment (with nginx and the ModSecurity-nginx connector), that this code path will execute. If you think I'm mistaken and the effect is relatively trivial, feel free to post here. If you think I'm mistaken and the effect is more consequential (possible rule bypass, etc.) please outline the use case to us at the address listed at https://github.com/SpiderLabs/ModSecurity#security-issue . (Note: For future reference, items like this are better created as 'issues' rather than pull requests.) — Reply to this email directly, view it on GitHub, or unsubscribe. You are receiving this because you were mentioned.Message ID: ***@***.***>

@marcstern marcstern added the 3.x Related to ModSecurity version 3.x label Feb 1, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
3.x Related to ModSecurity version 3.x
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

AltStyle によって変換されたページ (->オリジナル) /