secrules_parsing
Handling `&` correctly
Based on this PR it seems that some engines (libmodsecurity3) allow the `&` sign with each variable (e.g. `REQUEST_BODY_LENGTH`) even if it makes no sense (what about Coraza?). Apache2 reports a weird message: `Error creating rule: The & modificator does not apply to non-collection variables.` but allows `&` in front of `REQUEST_BODY` although it's not a collection either.
We should decide which way we want to follow: keep the parser as it is now, or modify it to make it more strict.
@theseion, @fzipi, @dune73 - what do you think?
@M4tteoP, @jptosso - how does Coraza handle this syntax?
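A sketch of what a stricter check for `&` could look like, as an added example that is not part of the original issue and is not code from secrules_parsing. The function name `lint_secrule`, the `strict` flag and the sample rules are hypothetical, and `COLLECTIONS` is a constructed subset of collection variables, not a complete list for any engine.

```python
import re
import shlex

# Constructed subset of variables that are collections; a real check would
# need the complete list for the engine being targeted (assumption).
COLLECTIONS = {"ARGS", "ARGS_GET", "ARGS_POST", "ARGS_NAMES", "FILES",
               "REQUEST_COOKIES", "REQUEST_HEADERS", "RESPONSE_HEADERS", "TX"}

# Optional '!' or '&' prefix, variable name, optional ':selector'.
_VAR = re.compile(r"^(?P<prefix>[!&]?)(?P<name>[A-Za-z_][A-Za-z0-9_]*)(?::.+)?$")


def lint_secrule(line, strict=True):
    """Return (variable, severity, message) for each '&' on a non-collection.

    strict=True reports the finding as an error (reject the rule);
    strict=False reports it as a warning (accept the rule, but flag it).
    Simplification: selectors containing '|' (regex selectors) are not handled.
    """
    tokens = shlex.split(line)
    if len(tokens) < 2 or tokens[0] != "SecRule":
        return []  # not a SecRule directive, nothing to check
    severity = "error" if strict else "warning"
    findings = []
    for item in tokens[1].split("|"):
        m = _VAR.match(item)
        if m is None:
            findings.append((item, severity, "unparseable variable"))
            continue
        name = m.group("name").upper()
        if m.group("prefix") == "&" and name not in COLLECTIONS:
            findings.append(
                (name, severity, "'&' applied to a non-collection variable"))
    return findings


# Constructed sample rules (ids and operators are made up for the example).
SAMPLE_RULES = [
    'SecRule &REQUEST_HEADERS:Host "@eq 0" "id:1001,phase:1,deny"',
    'SecRule &REQUEST_BODY_LENGTH|&REQUEST_BODY "@eq 0" "id:1002,phase:2,pass"',
]

if __name__ == "__main__":
    for rule in SAMPLE_RULES:
        print(rule, "->", lint_secrule(rule))
```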