Christian Folini
Christian Folini
I think the patch would be fine. As for the alternative approach with the application, would that be the connector that calls it?
I second @theseion, but anything is fine as long it's not an IP address. :) I mean in most cases, host header and servername should be in sync. So it...
Hey @rainerjung, very good to see you. It's been a while. I second what @RedXanadu has said. We are now concentrating on 3.3.x and 4.x with the 4.x release line...
Do we really want to block phpinfo.php at PL1? Rest is very cool.
I was not aware of CVE-2023-49103. It's still a tough call for me (since it's used as a PoC of successful installation by so many people), but this CVE tilts...
I think you guys have this covered. For the record, I recommend my users work with SecAppId and the corresponding variable this way. That means you defined an AppID in...
Yes exactly. Without relying on the client's information for rule routing. Purely server side config.
The interesting thing is - IIRC - that `WEBAPPID` is ready in phase 1. So a perfect fit for this use case.
Happy to help and thanks for the confirmation.
You can stick to what you are doing @Danrancan. This proposal is just an alternative way to obtain the same functionality. I think it's more elegant, but yours is more...