Christian Folini
Christian Folini
On the ModSecurity front, Marc Stern found out, this is pretty much bogus. https://github.com/owasp-modsecurity/ModSecurity/issues/3294#issuecomment-2488400720
Thanks for writing in. We are working based on a preliminary project plan developed in Dec 2023 and Jan 2024. The project plan proposes to keep v2 productive and supported...
I'm not sure I get your argument about the engine. All the blocking recommended rules do nothing unless you put the engine in - well - blocking mode. So what's...
I see the redundancy and keeping multiple values in sync is annoying. If we recommend 200007, then I think the comment for `SecArgumentsLimit` should make it clear that a violation...
That's a good thought. Would make sense.
Nice find.
Thank you for your contribution @highpingblorg. I see the problem, yet I am skeptical about the proposed solution (like @RedXanadu in the original issue). For me, this is another iteration...
Photo got here just find. Thanks.
Is sent it to you via DM. I hope the problem is not on my client side. I did check the traffic with tcpdump.
Ah sucks. You are totally right. We're sending raw unicode when we should be url-encoding it. This may explain other problems as well. @airween, @fzipi: Is ftw quantitative doing this...