Christian Folini
Christian Folini
The recommended rules carry `SecAuditLogParts ABIJDEFHZ` by default. Could you do `SecAuditLogParts ABCDEFHIJZ` for a test? There used to be a problem with non-alphabetical order of log parts and reference...
We may want to change the recommended file for v3. For v2 "I" is usually better if I'm not mistaken. But if it's not implemented in v3, then that's making...
Thanks for pointing this out.
Thank you
I do not have strong feelings here. But I certainly prefer for different engines to behave the same way. Issuing a warning for a couple of years and then removing...
Link to CRS wiki with the plan for this: * https://github.com/coreruleset/coreruleset/wiki/Hardening%3A-the-Apache-Alpine-Docker-Container-2024#user-content-712-l2-ensure-only-cipher-suites-that-provide-forward-secrecy-are-enabled-automated
We talked about this a big deal during (or rather after) our monthly chat. @dune73 (thus me) came up with a simpler variant of this rule that should kill the...
@airween : Do you have any update on your test with this rule?
Thank you fro your submission @deepwather. Here is my summary of your Alerts: 1 Requests triggered an XML parser error. That's either a broken XML file you are uploading, or...
I did not follow this, so I can not really tell. The report came for 3.2, so I think it is still valid unless we really solved the 930100/10 FPs.