Christian Folini
Christian Folini
Thank you for working on this @dextermallo. Please let us know if there is anything you need.
Add this to the agenda for Monday. https://github.com/coreruleset/coreruleset/issues/3529
Let's discuss this on Monday. It's already in the agenda.
As far as I remember there was no hard opposition against tagging and versioning everything and instead of creating a complicated set of checks and exclusions, I suggest we tag...
I am not 100% sure there is agreement and if yes, I have not understood it yet. It may take a few more words to make it clear for everybody.
List is described here: https://www.ncsc.admin.ch/ncsc/en/home/aktuell/news/news-archiv/update-ransomware-neue-vorgehensweise.html It's targeted at email attachments, actually.
Looking over a body of 450K requests, I see the following file extensions from the list above requested by attackers, that CRS v4-dev did not find suspicious: ``` * .7z...
Yes, I think we should add most of the entries to our list of restricted file extensions.
Correct. Thanks for pointing this out @RedXanadu. It's a question of balancing and given this has been discussed, let's not reiterate this and leave it at this for the time...
I think this header is seriously dangerous. But there are also a lot of mobile clients out there. It's a ModSec shortcoming apparently. But what do we do about it?