Felipe Zipitría
Then... why add it? 😄 Is there a follow-up ticket in Coraza to actually do something with it?
Just in case: trusting what is received in the `Host` header could be dangerous. Are we matching it with some configuration value for "allowed" hostnames? Or do we not care?
So... this looks like it might be really FP-prone. We don't know what other users use headers for. Can we get a reasonable list, and the expected formats for each...
How much high entropy do you need to get `s3://` on a random string? 🤔
Sorry to chime in late. I'll take more time to look at this PR. In the meantime, the problem @touchweb-vincent mentions is something I would also be interested in discuss...
I see what you did. Makes sense. Now, these are mentions of files instead of commands, are they in another list or do we lose them?
Are you really using CRS v3.3.0?
I've been trying to push this one for the upstream C module for a while: https://github.com/libinjection/libinjection/pull/57/files
I think the answer then is yes, we do as you propose @Xhoenix.
Hi @butwhoscounting! Thanks for creating this one. We basically use their upstream images. As long as they have support, we can use it.