https://0d2d0d50.website-1u6.pages.dev/tags/modsecurity-nginx-connector/Recent content in CRS Projecthttps://0d2d0d50.website-1u6.pages.dev/20210302/disabling-request-body-access-in-modsecurity-3-leads-to-complete-bypass/Tue, 02 Mar 2021 12:22:10 +0100<p>If you are running ModSecurity 3 with request body access disabled, then I have some bad news. Please sit down, this will be a while. If you are running ModSecurity 2, or you give the engine access to the request body, then you are not affected. But maybe you want to read this post nevertheless. I&rsquo;ll be discussing a new ModSec3 vulnerability an upcoming new CRS feature and some fundamental problems affecting existing ModSecurity rule sets.</p>