azurit

Results 279 comments of azurit

@dune73 As far as I remember, we agreed to add OWASP_CRS tag also to PL skipping rules (and all other rules, including crs-setup). I was planning to complete this PR...

Hi @ryanobjc and thanks for reporting this. This is the exact data which is matched by rule `932125`: `|md.+|dasd.+)"}[$__rate_interv` (in fact, this is sufficient: `|md.+|d`). We are matching keyword `md`...

@ryanobjc Have you resolved your problem? Can we close this issue?

Thanks for confirmation! Closing.

@MirkoDziadzka Hi and thanks for reporting this. Why do you think this is a false positive?

@theseion I agree. On top of that, these are not false positives but simply a misuse of HTTP headers.

@theseion Is this issue only about adding `urlDecodeUni` into `932239` or does it need more research?

BTW, there are more rules which are inspecting `Referer` but are missing `UrlDecodeUni`, for example 932161 and 932237.

As @M4tteoP already stated, running WordPress with CRS requires lots of exclusion rules but it's possible.