<%@page import="java.net.URLDecoder"%> <%@page contentType="text/html" pageEncoding="UTF-8"%> ModSecurity WAF for Java: Demo page

ModSecurity: Open Source Web Application Firewall

ModSecurity Core Rule Set (CRS) - Installed demo

Please feel free to inject malicious input to stress test the ModSecurity Core Rule Set (CRS). The form accepts both GET and POST request methods. You can either do this via the form below or manually.

Check your servlet context logging for ModSecurity output. The request may also be blocked if, for example, SecRuleEngine is On.

You can also access the ModSecurity for Java - Help page.

Payload:
method= GET enctype= application/x-www-form-urlencoded




<% if (request.getParameter("test") != null) {%>

Last submitted payload:

<%= request.getParameter("test") %>


<% }%>