We strive to make the OWASP Modsecurity accessible to a wide audience of beginner and experienced users. We are interested in hearing any bug reports, false positive alert reports, evasions, usability issues, and suggestions for new detections.
Create an issue on GitHub to report a false positive or false negative (evasion). Please include your installed version and the relevant portions of your engine audit log. We will try and address your issue and potentially ask for additional information in order to reproduce your problem. Please also note that stale issues will be flagged and closed after 120 days. You can search for stale issues with the following search query.
Join the #project-modsecurity channel in the OWASP Slack to chat with us.
If you’ve found a false negative/bypass under active exploit, please responsibly disclose the issue by sending an email to [email protected]. If necessary, you can send a message encrypted to our GPG key.