Christian Folini
Christian Folini
I am not quite following you; too many negations for my brain. If I remember by correctly, we made this adjustment to make sure we can work with case sensitive...
OK. I got you now. We are based on an engine that defines \@pmf as case-insensitive, yet we act as if it was sensitive in order to comfort implementations that...
Hey Matthias, sorry for the inconvenience. Can you tell me what your SecPcreMatchLimit / SecPcreMatchLimitRecursion is? It's probably too low. But even if it is high enough, these errors are...
This was on the agenda for the community chat on March 2, 2020. But we postponed the discussion. https://github.com/SpiderLabs/owasp-modsecurity-crs/issues/1683#issuecomment-593584538
No, I can not see where an empty contnt-type, content-length, set-cookie or location header can be considered standard behaviour. Sure, the protocol does allow it, but that does not mean...
I think that should work, yes.
Decision during the CRS project chat on March 2, 2020: @franbuehler will solve this. https://github.com/SpiderLabs/owasp-modsecurity-crs/issues/1683#issuecomment-593584538
Meeting decision: I will review this. https://github.com/SpiderLabs/owasp-modsecurity-crs/issues/1671#issuecomment-584320407
I'm trying to get Verizon to test this rule on the CDN as a test case of a collaboration on testing rules. Sorry this takes time.
No feedback from @rbarnett on some other channel?