Does CRS support protection from HTTP Request Smuggling attacks?


Blason R

Mar 21, 2021, 11:05:15 PM
to ModSecurity Core Rule Set project
Hi team,

Just wondering if CRS can or is offering protection against HTTP Request smuggling?

Christian Folini

Mar 22, 2021, 4:17:00 AM
to Blason R, ModSecurity Core Rule Set project
Yes, we have request smuggling protection, but bypasses are possible in
certain situations and if the backend plays along. We have homework to do
in this area.

Best,

Christian

Blason R

Mar 22, 2021, 4:50:06 AM
to Christian Folini, ModSecurity Core Rule Set project
Hi Dr.

I was searching through the rules but didn't find. Any clue or remember Rule ID?

Christian Folini

Mar 22, 2021, 5:21:40 AM
to Blason R, ModSecurity Core Rule Set project
Hi Blason,

On Mon, Mar 22, 2021 at 02:19:53PM +0530, Blason R wrote:
> Hi Dr.

:)

If you ever want to learn more about German mysticism of female Dominican
literature in the 14th century, speak up.

> I was searching through the rules but didn't find. Any clue or remember Rule
> ID?

https://www.netnea.com/cms/core-rule-set-inventory/ is your friend.


921100-921130 are of interest, but actually the next rules up to 921160
may be useful too.

Cheers,

Christian

Blason R

Mar 22, 2021, 7:31:15 AM
to Christian Folini, ModSecurity Core Rule Set project
Awesome and thank you Sire :)