Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Unexpected Response Injection in ModSecurity-nginx #337

Open
dbc-ca opened this issue Jan 17, 2025 · 1 comment
Open

Unexpected Response Injection in ModSecurity-nginx #337

dbc-ca opened this issue Jan 17, 2025 · 1 comment

Comments

@dbc-ca
Copy link

dbc-ca commented Jan 17, 2025

I am encountering unexpected behavior when using ModSecurity-nginx with a specific commit of the ModSecurity-nginx repository.

Starting from commit 62639fa (dated June 18, 2024),
I noticed that ModSecurity began injecting unexpected data into the response.

This issue was not present in commit ef64996 (dated May 23, 2024), which was the last working version for me.

My build script use these repositories

NGINX_REPO="https://github.com/nginx/nginx.git"

MODSECURITY_REPO="https://github.com/SpiderLabs/ModSecurity.git"

MODSECURITY_NGINX_REPO="https://github.com/SpiderLabs/ModSecurity-nginx.git"
MODSECURITY_NGINX_TARGET_COMMIT="ef64996aedd4bb5fa1831631361244813d48b82f"

CORERULESET_REPO="https://github.com/coreruleset/coreruleset.git"

Starting from commit 62639fa,
I noticed that websites behind the reverse proxy began returning unexpected/random
characters in the response.

I attempted to download a file, such as example.com/test.png, through the reverse proxy.
When I compared the MD5 checksum of the file downloaded on the client versus the file on the server, the checksums did not match.

This issue does not occur with commit ef64996.
This indicates that something introduced in commit 62639fa is modifying or injecting data into the responses.

I’m not very experienced with reporting issues, but I want to ensure this is as helpful as possible.
if there’s anything specific you need from me—logs,
configurations, or additional details—please let me know,
and I’ll be happy to provide them.

@airween
Copy link
Member

airween commented Jan 18, 2025

@dbc-ca,

thanks for report - please check #336, we are fighting with this issue :).

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

2 participants