azurit

Results 279 comments of azurit

> The RFC does not reflect our reality. You can easily send a Referer header with a fragment and then it's up to the server how it handles that URL....

> No. But it's easy to do manually. I'm not worried about benign clients but about deliberate attack requests. I don't get you. This applies to every single attack -...

Problem with this test is that `ARG_LENGTH` is not set by default, so rule `920370` is not executed by default. This test needs a modified `crs-setup.conf` to work.

Maybe it won't hurt if we use such a crs-setup for all tests (rule `900320` needs to be uncommented).

@ChanThien3101 First of all, you have put all rules into the file `dos-protection-config.conf`. This is not how plugins should be written. A file ending with `-config.conf` is only for configuration rules. Please...

@ChanThien3101 Sending my initial comments: - Remove .git suffix from URL. - None of your current rules in `dos-protection-config.conf` should be there. This file is supposed to contain only configuration...

Looks much better. A few more things: - Remove the absolute path to scripts in rules `9523990` and `9523151`. This prevents installing the plugin in a different location. Use only a...

Hi @louis07r, thanks for reporting. Can you try it with the newest CRS version? This was probably fixed in version 4.

Which version? In the issue above, you were talking about version 3.3.5: _I have coreruleset-3.3.5 rules._

Your payload is definitely caught by multiple rules:

```
$ curl -H "x-crs-paranoia-level: 1" -H "x-format-output: txt-matched-rules" "https://sandbox.coreruleset.org/?bla="
941100 PL1 XSS Attack Detected via libinjection
941160 PL1 NoScript XSS InjectionChecker:...
```