Max Leske

@RedXanadu I'd also add something to the readme on where those variables are being set (-config.conf), so users aren't lost after reading "please make sure to set these variables".

Great! Thanks @RedXanadu!

Great idea. Especially now, that we can provide it as a plugin.

I've added an initial version of the v3 plugin here: https://github.com/coreruleset/dos-protection-plugin-modsecurity-v3. I've implemented the workaround but it needs to be tested.

Somebody needs to test the plugin. I have too many things on my plate at the moment to do that.

Hm. weird. I'll have to look at it. Thanks for checking!

> ... loginject ... libinject?

I agree with @dune73. I would say, write a test case that requires `multiMatch`: - the test should be positive (contain a log entry) after `t:removeNulls` - the test should...

Not that the new rule 932220 does not cover this case. Add a test case that checks pipe use, e.g., `whxmi|s$@h`. See #2892.

Waiting for @lifeforms to provide test set of FP's.