Christian Folini
Christian Folini
We've never done an AFTER RE file. Namely because we want to enable / disable RE files based on crs-setup.conf and the `SecRuleUpdateTargetById` directive that people would want to place...
Following up on this: We will take this issue or the more general problem behind it to our Developer Summit in October where this will be discussed. It's likely to...
OK. So we looked at this problem in the dev retreat in October. We took the decision to move all Rule Exclusion packages to plugins. This will ultimately allow REs...
The WP RE plugin is in the making but not quite done yet. Giving this some more time.
Sorry for not getting to work on this. The team is currently swamped (see https://coreruleset.org/20220711/update-on-crs-4-0-release-delay/). We're happy to accept pull requests for this though.
Can you make it configurable in the same plugin?
I do not like the idea of separate plugins and I think we ought to explore the complexer combined option. How about this construct: ``` # Lookup SecRule TX:xxx-plugin-rbl-lookup-httpbl_enabled "@eq...
This would belong into the handling block in my proposal above. The handling block is apparently complicated, but that's why you hide it all into a separate plugin in CRS...
Thank you very much for this report. We are aware that we are facing some severe problems with GraphQL. Would you mind sharing the entire request? A curl call perhaps....
Unfortunately yes, @fuomag9. And there is very little we can do with CRS alone. The problem is the lack of parser in ModSec (compare with XML and JSON ...).