Hi all, First let me say that i think you are doing a great job with the modsecurity, and the owasp-crs rules.
I have a setup with nginx and modsecurity, i'm using the owasp-crs rules from the repository (git clone https://github.com/SpiderLabs/owasp-modsecurity-crs) and most rules work "out-of-the-box" with the apps i'm testing i've encontered a problem using the rules that try to alter the "headers" i think the problem is related with the "directives" "Header edit..." and "RequestHeader append..." The "rule files" i've found that are causing me problems are the following: - modsecurity_crs_49_header_tagging.conf - modsecurity_crs_55_application_defects.conf Modsecurity was compiled from source with --enable-standalone-module And nginx was compiled from source with --add-module=/path/to/modsecurity Can anyone help with this? Is there any module that i should compile on nginx to be able to "edit" the headers? Thanks
_______________________________________________ Owasp-modsecurity-core-rule-set mailing list Owasp-modsecurity-core-rule-set@lists.owasp.org https://lists.owasp.org/mailman/listinfo/owasp-modsecurity-core-rule-set
