Ervin Hegedus

Results 605 comments of Ervin Hegedus

@canerfilibeli, I took a quick look at your rules. I think that's syntactically correct and all of them do what you want, but I think those are a bit too...

> Ah, this is always such a thin line. But pharmasound is part of a word, while the asound we have in mind stands on its own. Maybe we can...

@JakubOnderka could you take a review too?

> so I looked into the LLVM implementation. Thanks for reviewing that. Moreover, your suggestion to `%T` makes sense, this escaped my attention, thanks too. Unfortunately, after my initial commit...

Hmm... all tests have passed. It's very weird. Note that the original problem was (in my opinion) that previously the test [expected](https://github.com/owasp-modsecurity/ModSecurity/blob/169e719e7a639482ef96c21622debda84f81bc9e/test/test-cases/regression/auditlog.json#L215) this format: `\S{3} \S{3} \d{2}`, but yesterday the...

@JakubOnderka, thanks for reviewing this.
> @airween I am not sure if changing that is the best idea as even the new format will still be problematic. There is no...

Closing this PR, we should align the test, not the function. The affected test is [this](https://github.com/owasp-modsecurity/ModSecurity/commit/6408bf9237f3e7fd6c8db795792756724cb99d42#diff-2f716529bbbde1819ae8d43de16f74764ea92ee37cdeda2f7036badd8afa41b7R215).

Hi @sanbernas, thanks for sharing this issue.
> The option to use double "==" seems to be a specialty in sqlite ([sqlite docs](https://www.sqlite.org/lang_expr.html#:~:text=equals%20can%20be%20either%20=%20or%20==.)): I think this proves the legitimacy of...

@msepczuk - based on your log snippet (next time please share text-based content) your URI is not what you set in your exclusion. Please see the log lines'...

@msepczuk:

* see what @azurit wrote above
* your rule contains this action: `logdata:'Bypass script 12345678'` - have you seen this message in the log? If not, then it means...