Christian Folini

It's an annoying problem and we should take care of it. But with so many other things going on, it did not get priority so far. Sorry.

Sorry for the inconvenience, guys. This is annoying. And the examples you give clearly underline the fact, this is overly aggressive. @dentaldeveloper : Are you able to write a rule...

@emphazer volunteered to take on this issue as he has been affected before. This is likely to take until March 2020 though. Meeting minutes: https://github.com/SpiderLabs/owasp-modsecurity-crs/issues/1671#issuecomment-584320407

Awesome PR and very interesting blogpost. Thank you very much @allanrbo. I second @fgsch's remark about inclusion of the generator into our repository. I have also looked up 920120 in...

That's the correct and expected behavior for MATCHED_VAR, I think.

Meeting decision: @dune73 will look into this, namely the viability of the performance impact and we can then see if we accept the PR (or drop it). https://github.com/SpiderLabs/owasp-modsecurity-crs/issues/1671#issuecomment-584320407

Adding the needs-action label to express the fact that we need hard performance data from production.

Thank you for this detailed description. I've labelled it, so we will discuss this in the next community chat on Nov 4, 2030 CET on owasp.slack.com, channel coreruleset. Are you...

@bittner, I knew you have been working on this for quite some time and I welcome the initiative. However, @csanders-git has not discussed this with the rest of the project...

Thank you for the clarifications. Changed *non-committer* to *contributor without commit rights*. That's what I meant to say anyways.