azurit
fix(security): remove double URL decode (921151 PL2, 932190 PL3, 942441 PL2, 942442 PL2, 942460 PL3)
Hm, you are right. Too bad modsec is not providing a separate transformation for `%FFuu`. We should discuss this in more detail.
fix(security): remove double URL decode (921151 PL2, 932190 PL3, 942441 PL2, 942442 PL2, 942460 PL3)
@theseion No, it's not, thanks.
fix(security): remove double URL decode (921151 PL2, 932190 PL3, 942441 PL2, 942442 PL2, 942460 PL3)
> Can we create a separate issue for this problem and continue with this PR and the fixing of R9V-240531, apparently letting IIS users in the rain for a period...
What exactly do you mean by this? Rule 942340 is already in [regex-assembly](https://github.com/coreruleset/coreruleset/blob/main/regex-assembly/942340.ra).
Is it really possible to run a javascript like this? We have no rule which is catching javascript functions on its own (except `941390` but it's very specific). The common...
Hi @luzmane.
> 3. I added fake-bot plugin from https://github.com/coreruleset/plugin-registry , but I don't think it has any effect

Try [this](https://github.com/coreruleset/fake-bot-plugin?tab=readme-ov-file#testing).
> 5. populated RESPONSE-999-EXCLUSION-RULES-AFTER-CRS.conf with:

Why are you doing this?...
What exactly will this PR cause? Will it exclude `pg`, `pg@` and `pg~` from regex assembling?
That doesn't seem fully correct to me, as we are having FPs with `PGT-` and not with, for example, `pg ` (with a space at the end).
1. Yes, see `SecDefaultAction` in `crs-setup.conf`.
2. Thanks for the suggestion, we may consider it.
> In your bypass example you mention `for example using \s instead of \s+ in regex`.
>
> What is the difference on what you did? Does `having` work with...