Christian Folini
You should simply add PUT to the list of allowed methods in crs-setup.conf. That should make the 911100 alert disappear, until we update the WP rule exclusion package for good....
I'd rather have @RedXanadu or @fgsch define that.
@lifeforms could you check this out please?
@emphazer volunteered to work on this, but he can't without the FPs promised by @lifeforms.
Exactly. Recent experience with using ASN information in the assessment of false positives makes me think that full maxmind DB support could be beneficial, thus going beyond the original ModSecurity...
I wonder whether `SecGeoLookupDb` is the way to go here. At least on Apache, the MaxMind module is more flexible, helps to work around ModSec 2.9 not supporting the newer...
Agreed. I think there are many options to get the information into ModSec and the best is probably to provide rules to work on env variables. But I seriously doubt...
### CRS Bug Bounty PR assessment * **Rules affected** (list rules): 920600 **(new rule)**, 920610 **(new rule)**, 920620 **(new rule)**, * **Paranoia Level addressed** (1, 2, 3, 4, full or...
The `@unconditionalMatch` operator can be used to match anything and still report the `MATCHED_VAR` in logdata. This is a lot faster than `@rx`.
The performance impact of `@rx` over other operators is the setup of the regex, which is quite substantial. The `@unconditionalMatch` is cool here, since it will always trigger, yet the...