Skip to content
Navigation Menu
Toggle navigation
Sign in
Appearance settings
Platform
AI CODE CREATION
GitHub Copilot
Write better code with AI
GitHub Spark
Build and deploy intelligent apps
GitHub Models
Manage and compare prompts
MCP Registry
New
Integrate external tools
DEVELOPER WORKFLOWS
Actions
Automate any workflow
Codespaces
Instant dev environments
Issues
Plan and track work
Code Review
Manage code changes
APPLICATION SECURITY
GitHub Advanced Security
Find and fix vulnerabilities
Code security
Secure your code as you build
Secret protection
Stop leaks before they start
EXPLORE
Why GitHub
Documentation
Blog
Changelog
Marketplace
View all features
Solutions
BY COMPANY SIZE
Enterprises
Small and medium teams
Startups
Nonprofits
BY USE CASE
App Modernization
DevSecOps
DevOps
CI/CD
View all use cases
BY INDUSTRY
Healthcare
Financial services
Manufacturing
Government
View all industries
View all solutions
Resources
EXPLORE BY TOPIC
AI
Software Development
DevOps
Security
View all topics
EXPLORE BY TYPE
Customer stories
Events & webinars
Ebooks & reports
Business insights
GitHub Skills
SUPPORT & SERVICES
Documentation
Customer support
Community forum
Trust center
Partners
View all resources
Open Source
COMMUNITY
GitHub Sponsors
Fund open source developers
PROGRAMS
Security Lab
Maintainer Community
Accelerator
GitHub Stars
Archive Program
REPOSITORIES
Topics
Trending
Collections
Enterprise
ENTERPRISE SOLUTIONS
Enterprise platform
AI-powered developer platform
AVAILABLE ADD-ONS
GitHub Advanced Security
Enterprise-grade security features
Copilot for Business
Enterprise-grade AI features
Premium Support
Enterprise-grade 24/7 support
Pricing
Search or jump to...
Search code, repositories, users, issues, pull requests...
Search syntax tips
Provide feedback
Saved searches
Use saved searches to filter your results more quickly
Sign in
Sign up
Appearance settings
Resetting focus
You signed in with another tab or window.
Reload
to refresh your session.
You signed out in another tab or window.
Reload
to refresh your session.
You switched accounts on another tab or window.
Reload
to refresh your session.
Dismiss alert
{{ message }}
owasp-modsecurity
/
ModSecurity
Public
Notifications
You must be signed in to change notification settings
Fork
1.7k
Star
9.6k
Code
Issues
241
Pull requests
46
Actions
Projects
Models
Wiki
Security
5
Insights
Additional navigation options
Code
Issues
Pull requests
Actions
Projects
Models
Wiki
Security
Insights
Issues
Search Issues
is
:
issue
state
:
open
is:issue state:open
Search
Labels
Milestones
New issue
Search results
Open
Closed
ModSecurity Phase 2 Access Denied ignored by mod_proxy_http (Request forwarded despite 403)
2.x
Related to ModSecurity version 2.x
Related to ModSecurity version 2.x
Status: Open.
#3509
In owasp-modsecurity/ModSecurity;
·
dantahoua
opened
on Mar 10, 2026
Feature Request: Wildcard/pattern support in ctl:ruleRemoveTargetById (v3)
Status: Open.
#3505
In owasp-modsecurity/ModSecurity;
·
etiennemunnich
opened
on Feb 28, 2026
Feature Request: Add
ARGS_RAW
,
ARGS_GET_RAW
,
ARGS_POST_RAW
, and
ARGS_NAMES_RAW
Variables
new feature
This is a new feature
This is a new feature
Status: Open.
#3501
In owasp-modsecurity/ModSecurity;
·
fzipi
opened
on Feb 18, 2026
RFC: Let's kill mod_security2 for NGINX
🥇 good first issue
Status: Open.
#3498
In owasp-modsecurity/ModSecurity;
·
fzipi
opened
on Feb 16, 2026
Inconsistent Error Log Format of ModSecurity depending on Apache's ErrorLogFormat directive
2.x
Related to ModSecurity version 2.x
Related to ModSecurity version 2.x
Status: Open.
#3472
In owasp-modsecurity/ModSecurity;
·
dune73
opened
on Dec 2, 2025
AFL fuzzer reports
Status: Open.
#3469
In owasp-modsecurity/ModSecurity;
·
chenuduss
opened
on Nov 21, 2025
Variable needed : REQUEST_HAS_BODY to avoid content-type evasion
Status: Open.
#3466
In owasp-modsecurity/ModSecurity;
·
touchweb-vincent
opened
on Nov 20, 2025
No "real" capture of HTTP:BL response
Status: Open.
#3465
In owasp-modsecurity/ModSecurity;
·
nesretep-anp1
opened
on Nov 14, 2025
2.x standalone fails to link since ap_map_http_request_error() is not exported as APR function
2.x
Related to ModSecurity version 2.x
Related to ModSecurity version 2.x
Status: Open.
#3451
In owasp-modsecurity/ModSecurity;
·
kabe-gh
opened
on Oct 22, 2025
Build fails because of missing
library/base64.c
when using Mbed TLS 4.x — Is support planned?
3.x
Related to ModSecurity version 3.x
Related to ModSecurity version 3.x
Status: Open.
#3450
In owasp-modsecurity/ModSecurity;
·
TheophileDiot
opened
on Oct 20, 2025
Question: how is setenv supposed to work in ModSecurity 3.0.x
Status: Open.
#3449
In owasp-modsecurity/ModSecurity;
·
duckasylum
opened
on Oct 17, 2025
ModSecurity v2.9.12 “Skipping request since there is nowhere to write to” despite valid SecAuditLog configuration
2.x
Related to ModSecurity version 2.x
Related to ModSecurity version 2.x
Status: Open.
#3446
In owasp-modsecurity/ModSecurity;
·
tinhutins
opened
on Oct 15, 2025
You can’t perform that action at this time.