Im not quite understanding how to whitelist false postives.
Gitlab behind crs is completly unusable with default rules.
When you do a https git push or for example want to list files in the web overview it gets blocked by rule id 949110
So i added "SecRuleRemoveById 949110" to RESPONSE-999-EXCLUSION-RULES-AFTER-CRS.conf but this completly seems to disable the waf as i can just do xss requests then as well. (e.g https://dev.example.com/? Githubissues.
Githubissues is a development platform for aggregating issues.
Im not quite understanding how to whitelist false postives.
Gitlab behind crs is completly unusable with default rules.
When you do a https git push or for example want to list files in the web overview it gets blocked by rule id 949110
So i added "SecRuleRemoveById 949110" to RESPONSE-999-EXCLUSION-RULES-AFTER-CRS.conf but this completly seems to disable the waf as i can just do xss requests then as well. (e.g https://dev.example.com/? Githubissues.