azurit
azurit
> It has been tested and validated by two fellow hosting providers on production servers. But WHAT was validated? I still don't understand this whole 'issue'.
Please describe the issue first. This is not about curl but about web server discarding the body of invalid requests.
It is even not getting into the modsecurity, i checked that.
@touchweb-vincent What are your intensions for splitting the rule?
@touchweb-vincent It doesn't have sense to split a rule into two rules which both targets the same vulnerability, variables and runs in the same paranoia level. It would have sense,...
> In more than 90% of cases, they simply disable the rule entirely, and in over 5% of cases, they disable it for a specific argument. I don't see how...
@dune73 I don't fully agree but let's discuss it.
@touchweb-vincent I still don't understand you. You are NOT someone who is not able to write proper exclusions (because this is only about this - simply do things correctly). For...
If you need to make CRS more accessible to your customers then you should start by educating them on how to properly write exclusions. Othervise, all dedication for making it...
Guys, the more you write about this, the more confident I am that my statements are correct.