-
**Is your feature request related to a problem? Please describe.**
Right now WAF can only accept a single file for `customSettingsFile` but a customer has expressed interest in mounting and applyin…
-
### Describe the bug
I've experienced issues whereby dos-protection is kicking in, without the request count exceeding a threshold within the given time slice window. This appears when the client is …
-
```
$ curl -H "x-format-output: txt-matched-rules" http://sandbox.coreruleset.org/ -d "foo=document.querySelector('p').textContent=\"XSS\""
-- no output --
$ curl -H "x-format-output: txt-matched…
```
-
### Motivation
I could be wrong but as far as I can tell, the XML External Entity (XXE) protection offered by CRS is fairly poor. There have been multiple attempts in the past to address these …
-
As described by @M4tteoP in https://github.com/coreruleset/coreruleset/pull/3273#issuecomment-1675490075, checking for `dl` might not be worth the trouble. We still have a commented test though (93316…
-
Website idea: Should we add a prominent "Get Involved" section to the front page of coreruleset.org? Something like:
"We're always looking for keen problem solvers to join our team… Get in touch / ta…
-
### Describe the bug
In https://github.com/coreruleset/coreruleset/pull/3055 a new rule was introduced for JSON-Based SQL Injection.
This is a v4 rule.
In testing, we have discovered that the r…
-
I'm not sure if this is a case of 'works as designed', but I work a lot with SAML-related software and I see two clear cases for rule `933120` that _to me_ are FPs:
1. URLs containing `SAMLRequest…
-
Hola!
Hey guys! Nice rule!
Do you want to send this as a patch to the friendly https://github.com/coreruleset/coreruleset project?
We have an issue that is calling for you :D https://github.co…
fzipi updated
2 years ago
-
### Motivation
Per [meeting decision](https://github.com/coreruleset/coreruleset/issues/2330#issuecomment-1004310622), we are going to transfer these rules to a new DoS plugin.
### Proposed solu…
fzipi updated
1 month ago