Christian Folini
Christian Folini
Thank you @karelorigin. This is clean and to the point how. Yet only if we assume your fix carries the correct architecture. You could say _perfect_, but only when looking...
He @theseion / @karelorigin, following theseion's request to review this, I sat down and read up on this PR again. Like for @lifeforms, this is intellectually challenging for me. Here...
Thank you @karelorigin. Your explanation are really helpful. With anchored, I mean an anchored regular expression. One that defines the value of the Accept-Header from the start to the end....
Thank you @theseion. I got it and I understand your position. Glad to hear your estimation with regards to regex-assembly integration. @karelorigin could you give your estimate in this regard:...
Thank you for this PR and the fixes @fzipi. I have taken a closer look and get the feeling the following terms are attracting false positives. Adding the `@` token...
Honestly, while I think some might be unnecessary, I also think that it's very hard to make a call one way or the other. So I think taking the full...
I guess you need to google for examples. Or do a quick MariaDB installation and run a query.
Thank you @petskratt. I think this is all we need here. I'm removing the *need more info* label. Do you think you could a PR for this to blend in...
Hmm. It seems I did not really look at this. The runtime rule exclusions (-> ctl) won't work with regexes. It's a major shortcoming with ModSecurity unfortunately. Guess, we're at...
I do not think we can do a reasonable generic rule exclusion here. The `SecRuleUpdateTargetById` examples above will work and people will maybe find their way to this issue and...