TW - Vincent
You’re right, there are duplicate sequences - they should probably be cleaned up. I’ll take a look at this as soon as possible. This rule contains more high false-positive risk...
I think there’s another typo in “cr32”; it should be “crc32” in MySQL. But maybe “cr32” exists in a database system I’m not thinking of (like Oracle or PostgreSQL).
@fzipi I cleaned up the duplicates - if you want to check:
I had to reorganize the unit tests. Sorry in advance for the headache it’ll give to whoever does the review…
I went through it again, and everything looks clean to me.
Hello, I don’t understand why the conditional enabling of the XML/JSON processors isn’t in `crs-setup.conf.example` but instead here: [https://github.com/owasp-modsecurity/ModSecurity/blob/v3/master/modsecurity.conf-recommended](https://github.com/owasp-modsecurity/ModSecurity/blob/v3/master/modsecurity.conf-recommended) What you just reported is going to happen again. In my...
You’re right, there’s already a long explanation about this. https://github.com/coreruleset/coreruleset/blob/main/crs-setup.conf.example#L499C1-L506C64 ``` # When additional JSON content types are legitimately used in a deployment, # e.g. application/cloudevents+json, it is extremely important...
No, and I find the statement too soft. Thanks for the link - I’ll also open a PR there.
"May allow" is much softer than saying: "Will allow", because doing so will neutralize half of the WAF rules and seriously expose you to risks that will be detrimental to...