TW - Vincent
PR submitted accordingly: https://github.com/coreruleset/documentation/pull/251
Hi @azurit, we are seeing false positives related to the token asound (example: pharmasound). Common words with a vowel prefix should be avoided particularly because it is likely to match...
@EsadCetiner Like you did here https://github.com/coreruleset/coreruleset/pull/4338/files#diff-2bc4203bbb0b15818a3fdfc562633aec97130a2c5ffe12cf7fe2baf4b9b39ba7R782 ?
@EsadCetiner done
Hello, if someone could take a look at this one, I’d appreciate it. I guess since we’re trying to avoid core Apache 400/404 errors, it’s messing up the unit test...
Qualys WAS explicitly tests for %2F and we regularly observe this pattern in pentests. Apache default error pages tend to leak technical details that scanners (and attackers) use for fingerprinting;...
> And you intend to solve this problem by blocking `%2F`... which results in the default Apache error pages being served?

No, that won’t “solve” the underlying issues - but...
You’re absolutely right - this rule isn't meant to “fix” Apache’s behavior itself. The goal is to reduce noise and exposure at the edge, before Apache has a chance to...
I don't know the exact implications for Nginx, Caddy (with Coraza), Envoy, or other engines - behavior may differ per server/proxy. The goal of this PR is simply to address...
Thank you for the tips with nginx-overrides. I wanted to create another, broader PR about characters subject to URL encoding that have no legitimate purpose and can enable bypasses of...