Christian Folini

509 comments of Christian Folini

Minimal payload for 1 above

```
$ crssandbox -d "payload=য়/া"
941310 PL1 US-ASCII Malformed Encoding XSS Filter - Attack Detected
949110 PL1 Inbound Anomaly Score Exceeded (Total Score: 5)
980170...
```

[custom-corpus-941310.txt](https://github.com/user-attachments/files/17645337/custom-corpus-941310.txt)

[custom-corpus-933160.txt](https://github.com/user-attachments/files/17645392/custom-corpus-933160.txt)

OK, I took a peek, namely at the question of the workaround. First, yes, we catch everything at PL2 with our rules, just not on the UA (checked with a...

Thank you very much for an excellent bug report. And sorry for the hassles. You are not on the full CRS 4.0.0 release, but I've looked up the 4 examples...

Is this playing into the "random base64 strings leading to FP" discussion? If yes, then probably not worth the trouble. Do we understand the "web content" mentioned by @M4tteoP by...

I see what you want to do here, but do you really think this is such a big deal? I agree it can happen, but any functionality test of the...

> > I agree it can happen, but any functionality test of the WAF will fail afterwards anyways.
>
> It depends, most of the exclusion rules look like this:...

I am not convinced this is needed, but the example with the path constraint is really very hard to spot any other way. Let's discuss this at the next meeting.

This could be for performance (-> backtracking) reasons.