Ervin Hegedus
> Should we really accumulate all the matches inside a chain? Or are we expecting the matches only from the previous rule (inside a chain or not).

Good question. I...
Here is a test rule, please fix it if you find a mistake:

```
SecRule ARGS "@rx 1" \
    "id:1000,\
    phase:2,\
    deny,\
    capture,\
    t:none,\
    log,\
    chain"
    SecRule &REQUEST_HEADERS:x-foo "@gt 0"...
```
Thank you for sharing your opinion. Meanwhile I chatted with @M4tteoP who checked the behavior in Coraza. Coraza follows the behavior of mod_security2 - a fact I would like to...
> [@MirkoDziadzka](https://github.com/MirkoDziadzka) great find!
>
> You wrote:
>
> > But when both rules are there, the second rule contributes 2(!) to the score. So the final score is...
I prepare the PR and I want to add a few new tests. I reviewed the relevant tests in this regard, and found some interesting things:

* I think [this](https://github.com/owasp-modsecurity/ModSecurity/blob/31507404e6a6c0da46a85b478301fc73b8c202d4/test/test-cases/regression/variable-MATCHED_VAR.json#L42-L83)...
I agree with @fzipi: we should split this PR into multiple smaller ones, but I think it's more important that we have to announce that we will eliminate these functions in...
Also, we should check the CI logs - all builds failed.
Hi @HeikoTheissen, thanks for reaching out. I'm afraid that parsing a `multipart/mixed` content type is not as trivial as it seems at first sight. Unfortunately there isn't any "standard"...
> Even if it cannot be parsed, nothing forbids you to add this Content-Type to the allowed ones for your environment

That can lead to a bypass - see [this](https://coreruleset.org/20241029/crs-versions-4-8-0-and-3-3-7-released/)...
Hi @dune73, thanks for reporting this. You mentioned issue #2357, but I think the behavior was changed in #2912, where the title explains: _"Do not escape special chars in regex...