Hey folks,
Which OWASP v3 rules are causing false positives? https://www.modsecurity.org/crs/ Whats the paranoia level you use?
Any rules from somewhere else you find useful?
I see modsecurity commercial offering is over 16,000 rules, seems to much as it may slow site a lot. What do you think?
Imo you need to mainly address SQL injections.
use this configuration to fix opencart false positive
https://github.com/padaliyajay/modsecurity-opencart
https://github.com/padaliyajay/modsecurity-opencart
Since a third-party solution is being suggested on the above, please take note that the forum does not support third-party engines. Users are then using these instructions are their own risks.
Dedication and passion goes to those who are able to push and merge a project.
Regards,
Straightlight
Programmer / Opencart Tester
Who is online
Users browsing this forum: Bing [Bot] and 6 guests