Workarounds for "Unable to troubleshoot mod_security blocked requests" #2787
Replies: 3 comments 1 reply
-
|
Option 1: we'd need to evaluate all the changes related to owasp-modsecurity/ModSecurity-nginx#170 and try running a build of whatever is on |
Beta Was this translation helpful? Give feedback.
-
|
Option 2: if managed ingress (ALB) can be an option for live-1, we could create a terraform module that makes the "managed rules" available for our users: https://aws.amazon.com/marketplace/solutions/security/waf-managed-rules |
Beta Was this translation helpful? Give feedback.
-
|
Thanks @razvan-moj so what is our current view on managed ingress? What is it that we are waiting for to progress those investigations? |
Beta Was this translation helpful? Give feedback.
-
|
~1 year later, modsecurity is fixed: #2714 |
Beta Was this translation helpful? Give feedback.
-
Hi all. Here is a discussion to look into any potential work arounds to #2714.
This issues is blocked pending a release. However that release looks to have gone stale and there is no obvious date by which this will be addressed (or whether a fix in the next release will actually address the issue).
What are the alternatives as this is blocking services adopting a WAF (which is a security requirement for that service).
Ideas for workarounds. Discuss.
Beta Was this translation helpful? Give feedback.
All reactions